Settlement requires Zoom to better secure your personal information

Daily life has changed a lot since the pandemic started. Because face-to-face interactions aren’t possible for so many of us, we’ve turned to videoconferencing for work meetings, school, catching up with our friends, even seeing the doctor.

When we rely on technology in these new ways, we share a lot of sensitive personal information. We may not think about it, but companies know they have an obligation to protect that information.

The FTC just announced a case against videoconferencing service Zoom about the security of consumers’ information and videoconferences, also known as “Meetings.” The FTC claimed that Zoom failed to protect users’ information in a variety of ways:

  • Zoom said it provided end-to-end encryption — a way to protect communications so only the sender and the recipient can see them — for Zoom Meetings. It didn’t.
  • Zoom said it secured Meetings with a higher level of encryption than it actually provided.
  • Zoom told users who recorded a Meeting that it would save a secure, encrypted recording of the meeting when it ended. In reality, Zoom kept unencrypted recordings on its servers for up to 60 days before moving them to its secure cloud storage.
  • Zoom installed software, called ZoomOpener, on Mac users’ computers. This software bypassed a Safari browser security setting and put users at risk — for example, it could have allowed strangers to spy on users through their computer’s web cameras. Or hackers could have exploited the vulnerability to download malware onto — and take control of — users’ computers. If users deleted the Zoom app, the ZoomOpener remained, as did these security vulnerabilities. Zoom could re-install the app without the user’s permission and without letting them know. (Apple removed the ZoomOpener web server from users’ computers in 2019.)
  • Zoom didn’t give users the straight scoop about the ZoomOpener software. Zoom said the software was a bug fix, but didn’t tell users that it would be installing a web server that would circumvent a privacy and security safeguard, or that the software would remain on their computers even after they had deleted Zoom.

Zoom agreed to settle the charges brought by the FTC. Though Zoom has now discontinued many of the practices challenged in the complaint, the settlement puts your security top of mind for Zoom. It requires Zoom to live up to its privacy and security promises and to put in place a comprehensive security program designed to protect your information for many years to come — or pay big fines.

Check out our consumer tips to see how you can stay safe while video conferencing. And if you use video conferencing as part of your business operations, see Video conferencing: 10 privacy tips for your business.

Comments

Thank you very much for your work.

My desk computer was hacked after numerous Zoom meetings during the first quarantine in California (I am a teacher), and now I am thinking it was because of the vulnerability of Zoom in this situation. The criminals got my bank-credit card information, used it, and robbed me. So sad.

Thank you for your oversight.

Sounds pretty good to me

Our Zoom meetings have a password and a user code, but when I launch the link it does not require me to input the password. Also, I received a popup on my last Zoom meeting call saying to upgrade to Zoom 5.0. Was this legitimate?

I have used Zoom various times for doctor appointments, church services, and health insurance conference calls. I did not know what I’ve said during these moments that would compromise my security.

I don't use a computer. I use my phone. I don't have a computer.