Wednesday, 1 April 2020

Zoom app privacy concerns grow as fast as its popularity

Even in times of the Coronavirus outbreak, companies continue to find ways and means to make money off of people. After Houseparty went through what would be considered a PR nightmare, now Zoom is at the centre of a privacy firestorm. After being discovered that the app was sharing user data with Facebook, Zoom’s tryst with controversy continues.

One of the promises made by Zoom is that all video calls on their platform are end-to-end encrypted. The Intercept reports that that’s not entirely true and that the contents of the video call can be intercepted. According to the report, Zoom is using transport encryption. Interestingly, a Zoom spokesperson told The Intercept that, "Currently, it is not possible to enable E2E (end-to-end) encryption for Zoom video meetings," the spokesperson said, adding, "Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection." TLS encryption could allow Zoom to actually access the contents of the video call, and hence, could eventually be compelled by law enforcement to turn the contents over. Zoom has emphasized that “Zoom has layered safeguards in place to protect our users' privacy, which includes preventing anyone, including Zoom employees, from directly accessing any data that users share during meetings, including—but not limited to—the video, audio and chat content of those meetings. Importantly, Zoom does not mine user data or sell user data of any kind to anyone.” Zoom’s privacy and security practices have attracted the attention of New York Attorney General Letitia James, who has started querying the scope of protections offered by Zoom to its users’ privacy.

Another issue that’s popped up is the mass availability of email IDs on Zoom. The video conferencing app has a nifty feature that clubs users with the same domain names in their email IDs together. For example, if I signed up with my email ID that ended in @digit.in and my colleagues did the same, its logical to assume that we’d want to have a conference together, so making our IDs available to each other is sensible. Users signing up using Gmail or Hotmail-like big domain names do not get their mail IDs clubbed together, but those with lesser-known domain names are now suddenly finding their address books flooded with thousands of unknown contacts.

Zoom, as an app, has been around since 2012 on the App Store and 2013 on the Play Store. It is not a new app, by any means, that was rushed to the public due to the potential offered by the lockdown. However, as the app gained rapid popularity, the number of people scrutinizing it for privacy issues also increased. It would appear that Zoom is again dealing with a PR problem, all of which could be addressed with a simple, detailed disclosure.



from Latest Technology News https://ift.tt/2yi3V62

No comments:

Post a Comment