Agreements or conferences from the home office as well as conversations with friends and family are currently often carried out with the video conference software Zoom. However, the service has numerous data protection problems. So the iOS app from Zoom according to that Online magazine motherboard secretly send detailed information to Facebook, even if the user does not have an account there.
Even if the video conference service is used via the website, data flows to a number of tracking services, such as the security researcher Mike Kuketz in a short analysis found out. Due to a serious security breach in the past year unsolicited on the webcam of millions of zoom users can be accessed on the Mac. This was still possible even after uninstalling the software.
When you first open the Zoom app on iOS, data transfer to Facebook begins. Zoom notifies Facebook every time the app is opened and sends detailed information about the user’s device: for example, the model, the time zone and the city the user is currently in, as well as the telecommunications provider used.
In addition, the device-specific advertising ID is transmitted to Facebook. If tracking services such as Facebook are integrated into several apps that a user uses, the data collected in each case can be merged using the advertising ID. This way for example diseasesTravel behavior Dating and more assign to a person.
No reference to Facebook in the data protection declaration
In the Data protection However, there is no indication of data sharing on Facebook, said Pat Walshe, activist at Privacy Matters, motherboard. There, Zoom only explains in general that “certain standard advertising tools that require personal data (think, for example, of Google Ads and Google Analytics)” would be used. No other tracking services like Facebook are mentioned. “I think that ultimately users can decide how they feel when Zoom and other apps send data to Facebook, even if there is no direct evidence of the disclosure of sensitive data in the current versions,” said iOS researcher Will Strafach.
Even if the video conferencing software is used on the Zoom website, the situation is no better. Kuketz opened a zoom account on the website for test purposes and found a long list of integrated tracking, marketing and analysis services, including Tag Manager, Doubleclick and Google Analytics as well as Facebook, Yahoo Advertising, Hotjar and a number of others. His email address set up for test purposes, i.e. a personal date, was sent directly to Wootric.
Even more privacy issues
The US civil rights organization too Electronic Frontier Foundation (EFF) criticized several functions of the zoom service. For example, administrators or supervisors could track the attention of zoom users in a conference: They can be notified if the zoom window has not been in focus for 30 seconds, for example because another program such as a browser is being used. Administrators also see detailed information about the devices used and can join conferences without being asked.
One was even worse Vulnerability in the past year that allowed attackers to access millions of Mac users’ webcams. This was even possible if Zoom users had uninstalled the software because Zoom set up an undocumented, local web server on the Mac computers that remained on the Mac even after the Zoom application was uninstalled. If a user visited a prepared website, they could transfer these commands to the local server and add the user to a video conference without their consent – including the live stream of their webcam.