Are Zoom Chats Private? Here's Why You Should Think Before Opening The App
As a huge number of people work from home during the COVID-19 crisis, Zoom videoconferencing is thriving. According to figures published at the end of February, Zoom added over 2 million users so far in 2020–more than across all of 2019.
But Zoom users now have more reasons to be concerned about the app’s privacy and security. Under certain circumstances, it turns out, multiple people in your meeting might be about to read your private messages.
Get started on your cybersecurity degree at American Military University.
A Twitter user wrote: “If you’re having a committee meeting via Zoom and you use the chat function to privately write to someone, your colleagues may not see it in real time, but it shows up when the chat is downloaded and put in the minutes folder.”
I asked Zoom if the Twitter claim was true and a spokesperson explained: “If a host chooses to record a Zoom meeting to the cloud, only chats sent publicly (to everyone in the meeting) are saved.”
However: “If a host chooses to record a Zoom meeting locally, then chats sent publicly, as well as any private chat exchanges that the host who chose to record the meeting participated in during session, are saved.”
If you are a Zoom host, it’s worth checking before allowing others to access the minutes folder.
Zoom’s had a bad week for privacy and security
But Zoom’s privacy and security are of so much concern that the U.S. attorney general is looking into its practices. Meanwhile, Zoom is facing a class action lawsuit after it emerged the firm was sharing data with Facebook, Vice News reported.
Zoom’s “misleading” end-to-end encryption claims
Another Zoom problem centres around Zoom’s claims that the video conferencing app is end-to-end encrypted–in other words, no one, even Zoom itself, can read your chats. But according to a report on online news site The Intercept–which calls the claims “misleading,”–Zoom “is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.”
This is despite the fact that Zoom claims on its website that meetings connected by computer audio are end-to-end encrypted. Instead, the firm offers transport encryption, or TLS, which is the same tech web servers use to secure HTTPS websites. It means the connection between your app and Zoom’s server is encrypted, but Zoom could, if it wanted, access the data.
Zoom emphasized that it does not directly access, mine or sell user data. And it’s quite possible that the firm’s policy has simply confused the two types of encryption. However, as it is, the claim is misleading.
I have asked Zoom for further comment on this story and will update it when the firm responds.
No end to Zoom’s problems
It seems there are no end to Zoom’s problems, and it’s certainly hard to trust the fast-growing video conferencing app. But these issues do also emphasize the importance of doing your research when using a new app or service. It’s free for a reason.
“As video calls increase, we really need to take moment away from this new normal and look into the privacy issues that go in unison with free apps,” says Jake Moore, cybersecurity specialist at ESET. “We must remember that the app is free and there is a lot of information being shared without our direct knowledge–which is effectively the price for using the platform.”
I get it: Zoom is so functional and hard to match, at least from a business perspective and for large group chats. Houseparty is also growing in popularity, and stories citing a hack have been discredited, so you might want to try that for social chats. Just make sure you lock it down first with settings such as “private mode.”
Moore advises people to use privacy focused platforms such as Signal for encrypted messaging and calling.
I agree that Signal is probably the best choice, and FaceTime is good if you are able to use an Apple device. But I also recommend trying a new open source app called Jitsi, which is easy to use and pretty secure, at least as far as video calling goes.