[Update: March 28th] Zoom has removed the Facebook SDK and stated that it was unaware that the social network was collecting unnecessary data. It’ll still let users sign in via Facebook through the web browser.
Zoom, a video conferencing software, that has gained huge popularity as the world is under lockdown is in the news again… but not for the right reasons. Despite becoming the default choice for a huge chunk of users to study or remotely with ease, the company has been dubious about its data collection procedures. As per a report by Motherboard, the iOS version of the Zoom app sends analytics data to Facebook. Interestingly, the data is shared even if the users don’t have a Facebook account. Even more stranger is the fact that no such data sharing policies have ever been mentioned in Zoom’s terms and conditions.
It’s worth noting that such data collection by Facebook is quite common as many of the third-party apps use Facebook’s SDKs (software development kits) to offer increased functionality. Zoom also uses the same as it connects to Facebook’s Graph API for sharing data. The app notifies the social network giant when it’s opened. Details regarding the users, their location and their service providers are shared. All this makes the data potent enough to create a targeted advertising model for the particular user. Though no malicious activity related to sensitive data sharing has been identified currently by the experts, it depends on the users how they want to perceive the ambiguity of the scenario. While Zoom’s privacy policy mentions that third-party advertisers like Google Ads do collect some info, it doesn’t divulge any info regarding data being shared to Facebook.
It’s also important to mention that this isn’t the first time the app has come under scrutiny for its privacy issues. The activist group Electronic Frontier Foundation (EFF) revealed that the app has a lot of flaws in it. Hosts can monitor the participants by seeing if their Zoom app is open or not. In other words, if a user is not on the app for more than a specific time period it automatically notifies the host. This might be beneficial to the host in some situations, but it’s still a violation of one’s privacy. Zoom had previously installed easily exploitable local web servers on a user’s Mac device. These were used by malicious websites to take over the webcam without any knowledge of the user. Later after a complaint against the company, it was removed. The platform enables the administrators to see the IP address, location data, and device information on each participant, the EFF added. Zoom also offers to record the meetings in the cloud for a paid subscription, clearly adding the privacy risks of being hacked for sensitive information. It also provides .txt file transcripts of in-meeting chat messages to the hosts.
Related read: Best video conferencing software
Facebook, on being contacted separately, informed that it values transparency with users with regards to data sharing. It states that when using their services the third party apps should provide a robust declaration of how the user data might be used for measurement services and targeted advertisements. Zoom’s privacy policy states that third-party apps automatically collect data, but doesn’t explicitly mention the link with Facebook. Zoom did not comment on this particular issue, so it remains to be seen if the company fixes the problem. Meanwhile, if you want to look for apps that don’t value your privacy, then EFF has created this handy guide.
2 Comments
Pingback: SaaS weekly roundup #13: Microsoft introduces Office 365 for personal use, Zoom’s privacy nightmare continues and more – SaaSworthy Blog
Pingback: SaaS weekly roundup #12: Zoom sends user data to Facebook, Humio raises Series B funding and more – SaaSworthy Blog