The security and privacy problems with online conferencing

  • 7 April 2020
  • NormanL

A number of offices and individuals have turned to video conferencing platforms in this age of stay-at-home orders. Even if you can't be there in person, these platforms allow you to be there virtually -- a face and a voice on a screen in real time.

It's a marvel of the internet age. But it could also be a massive security and privacy risk. Consider the case of Zoom, a suddenly very popular conferencing platform that has gotten a lot of scrutiny from online security experts:

In general, Zoom's problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.

Privacy first: Zoom spies on its users for personal profit. It seems to have cleaned this up somewhat since everyone started paying attention, but it still does it.

The company collects a laundry list of data about you, including user name, physical address, email address, phone number, job information, Facebook profile information, computer or phone specs, IP address, and any other information you create or upload. And it uses all of this surveillance data for profit, against your interests.

That's an astonishing amount of information. The security concerns are even more hair raising:

Zoom's security is at best sloppy, and malicious at worst. Motherboard reported that Zoom's iPhone app was sending user data to Facebook, even if the user didn't have a Facebook account.


The New York Attorney General is investigating the company. Security researchers are combing through the software, looking for other things Zoom is doing and not telling anyone about. There are more stories waiting to be discovered.

Zoom is a security and privacy disaster, but until now had managed to avoid public accountability because it was relatively obscure. Now that it's in the spotlight, it's all coming out. (Their 4/1 response to all of this is here.) On 4/2, the company said it would freeze all feature development and focus on security and privacy. Let's see if that's anything more than a PR move.

In the meantime, you should either lock Zoom down as best you can, or -- better yet -- abandon the platform altogether.

There's much, much more at the link, and we enourage you to read it all.

Perhaps the best advice wth any online program? User beware.