The “Zoom issue” refers to the recent controversy surrounding Zoom’s privacy and security policies. Specifically, there are concerns that Zoom is sharing user data with Facebook without properly notifying users or obtaining consent.
What is Zoom?
Zoom is a video conferencing service that has seen a massive surge in usage due to the COVID-19 pandemic. With many people working and studying from home, Zoom has become one of the primary ways for people to communicate face-to-face virtually.
Zoom offers a free basic subscription as well as paid plans with more features for personal and business use. Some of Zoom’s key features include:
- HD video and audio calls with up to 100 participants
- Screen sharing
- Collaboration tools like annotations and whiteboards
- Encrypted calls
- Ability to record sessions
Before the recent privacy issues came to light, Zoom was generally well-regarded for its easy-to-use interface and reliability compared to competitors.
How does Zoom integrate with Facebook?
Zoom provides a feature that allows users to log in or sign up for a Zoom account through their Facebook profile. This is convenient for users as it avoids having to set up another username and password.
Behind the scenes, this Facebook integration means that some data is shared between Zoom and Facebook. Specifically, if users sign up for Zoom using Facebook, Zoom receives access to basic Facebook profile information such as name, email address, gender, timezone, city, and profile picture.
What is the privacy issue with Zoom and Facebook?
The core privacy issue is that Zoom shared some user data with Facebook without properly disclosing this to users or obtaining explicit consent.
Here’s a summary of the key details on this issue:
- Zoom’s iOS app was sharing user data with Facebook even for users who did not have a Facebook account or who did not log in with Facebook. This affected around 700,000 Zoom users.
- The data shared included details like when a user opened the app, their timezone, city, phone model, and a unique advertiser ID.
- This data sharing allowed Facebook to target ads more effectively by supplementing what they know about users.
- Zoom did not prominently disclose this data sharing in their privacy policy.
- Users were unable to opt-out of this data sharing unless they specifically configured advanced privacy settings on their phone.
This issue was first uncovered in late March 2020 by the Vice publication Motherboard. After the report, Zoom apologized and removed the Facebook SDK that enabled the data sharing.
How has Facebook responded?
Facebook has stated that they were unaware that Zoom was sharing this type of data without users’ consent. Facebook says the data was collected and used following standard practices for advertiser and developer partnerships.
Facebook emphasized that Zoom controls how they handle data from any Facebook integration. Facebook maintains that it was Zoom’s responsibility to properly notify users about any data sharing.
How has Zoom responded?
Zoom has apologized for the “mistake” of sharing user data with Facebook without proper consent. Zoom said they added the Facebook SDK to their iOS app in order to allow users to more easily find and connect with friends and colleagues on Zoom. However, Zoom acknowledged they should have been more transparent about the data sharing that this enabled.
In response to this issue becoming public, Zoom took the following actions:
- Removed the Facebook SDK from their iOS app
- Updated their privacy policy to be more transparent and clear about what data may be collected and shared
- Stated that users will need to expressly opt-in to data sharing with third-parties in the future
Zoom also stated that about 700,000 iOS users were potentially impacted by this issue. Since the Facebook SDK has been removed, Zoom claims that no further user data is being shared with Facebook through the iOS app.
What does this mean for Zoom and Facebook users?
For Zoom users, this situation means that some personal data was shared with Facebook without their knowledge or consent through the iOS app. However, now that Zoom has removed the Facebook SDK, this data sharing is no longer happening.
Zoom users should make sure they have updated to the latest version of the Zoom app on iOS. Enabling app updates ensures any fixes and privacy improvements are installed automatically.
For Facebook users, it means that Facebook may have received additional supplemental data about you without your knowledge if you were one of the Zoom iOS users affected.
Are there any legal implications?
At this point, no lawsuits have been filed against Zoom or Facebook related to this data sharing issue. However, legal experts say there could be grounds for a class action lawsuit against Zoom for violating privacy laws.
Specifically, Zoom did not prominently disclose the data sharing in their privacy policy, nor did they obtain clear user consent. This type of issue has led to major lawsuits against tech companies like Facebook in the past.
Zoom is also facing scrutiny from regulators in the U.S. and other countries around its privacy and security practices more broadly. For example, the New York State Attorney General sent a letter to Zoom asking what security measures they have put in place to handle increased user loads.
While no formal legal action has been taken yet, Zoom could face financial penalties if regulators find them to be in violation of privacy laws regarding obtaining user consent.
How can users protect their privacy?
Here are some tips for how Zoom and Facebook users can protect their privacy:
- Carefully read privacy policies for any apps and services you use to understand their data practices. Zoom has updated their policy to be more transparent.
- Be cautious about connecting apps and services to social media accounts whenever possible. Use unique credentials instead.
- Frequently review and adjust privacy settings in apps and on social media. Opt-out of any data sharing that you are uncomfortable with.
- Be thoughtful about what information you provide to any online service. Share only what is needed for the service’s functionality.
- Use strong passwords and enable multi-factor authentication where available.
- Install app and software updates promptly to get privacy fixes and improvements.
Should Zoom users be concerned about security in general?
The Facebook data sharing issue has drawn more attention to Zoom’s overall security practices. Zoom does implement some security measures:
- End-to-end encryption for Zoom video meetings
- Password protection and waiting rooms for meetings
- Ability to lock meetings and remove attendees
However, researchers and reporters have found issues like these:
- Not enabling end-to-end encryption by default for all meetings
- Some encryption keys were routed through China unintentionally
- “Zoombombing” incidents of uninvited guests disrupting meetings
Zoom is working quickly to fix reported vulnerabilities and improve their security protections given the huge increase in users. Users should apply basic precautions like using passwords and waiting rooms. But enterprises and governments may want to critically evaluate Zoom based on its track record so far.
Conclusion
In summary, Zoom shared some iOS user data with Facebook without properly disclosing or gaining consent for this practice. The specific data shared posed a privacy risk as it could allow targeted ads. Zoom has removed the API that enabled this, but it demonstrates the importance of being cautious about connecting apps and reading privacy policies closely.
This issue also highlighted more general concerns around Zoom’s security protections and privacy standards. Zoom is working to improve in these areas, but users should be thoughtful about what data they share on the platform. Applying basic security settings can help protect your Zoom meetings.