Beats Studio Buds review Windows 10 support ends in 2025 All the E3 2021 trailers Bill Gates' summer reading list Chrissy Teigen apologizes Pre-Prime Day deals

Zoom privacy risks: Here's what information others may be able to see from your video chats

The video conferencing software could be sharing more information with others than you think.

Listen
- 05:18
14-zoom-app-meetings-work-from-home-coronavirus

Make sure you update your Zoom privacy settings.

Sarah Tew/CNET

More than a year into working from home, you've likely mastered choosing your custom Zoom background, mercifully sparing your colleagues the sight of a growing pile of gym socks behind your desk, and you might think you've got a handle on the conference call software du jour. Unfortunately, there are a few other data security considerations to make if you want to hide your dirty laundry. 

Zoom quickly become the video meeting app of choice when the novel coronavirus caused a surge in work-from-home activity. As vaccines roll out and offices become hybrid workplaces, it looks like Zoom is here to stay. With that popularity, however, comes privacy risks, which extend to a greater number of users. 

Read more: 20 Zoom video chat tips, tricks and hidden features

how-to-tech-tips-logo-badge.png
Brett Pearce/CNET

From built-in attention-tracking features (which have since been disabled) to exploitable software bugs and issues with "Zoom-bombing" (where uninvited attendees break into and disrupt meetings) -- Zoom's security practices have drawn scrutiny from users worldwide over the past year. In March 2020, New York's Attorney General Letitia James sent Zoom a letter outlining privacy vulnerability concerns. The Electronic Frontier Foundation also cautioned users working from home about the software's onboard privacy features. 

Privacy experts previously expressed concerns about Zoom in 2019, when the video-conferencing software experienced both a webcam hacking scandal, and a bug that allowed snooping users to potentially join video meetings they hadn't been invited to, if those meetings were not protected with a password. 

The issues exacerbated by widespread adoption at the start of the pandemic were just the latest chapter in the software's rocky security history, and prompted Zoom CEO Eric Yuan to respond to concerns in April 2020, freezing feature updates to address security issues over a 90-day update rollout. Though Zoom has since added new security features like end-to-end encryption, there are still a few things you should watch out for to keep your chats as private as possible. 

Here are some of the privacy vulnerabilities in Zoom that you should watch out for while working remotely. 

Zoom's cloud recording feature might share meeting video with people outside the call 

For paid subscribers, Zoom's cloud recording feature can either be a life-saver or a catastrophic faux pas waiting to happen. If the feature is enabled on the account, a host can record the meeting along with its text transcription and a text file of any active chats in that meeting, and save it to the cloud where it can later be accessed by other authorized users at your company, including people who may have never attended the meeting in question. Yikes. 

As Mashable's Jack Morse put it, "What that suggests, but doesn't clarify, is that for non-webinar/standard meetings, your person-to-person chat messages would be later sent to your boss after a call recorded to the cloud."

Zoom does allow a narrowing of the audience here, however. Administrators can limit the recording's accessibility to only certain preapproved IP addresses, even if the recording has already been shared. Participants can also see when a meeting is being recorded.

Read more: The best VPN services for 2021  

Zoom even shared information with Facebook

By now, you're used to hearing it from the privacy-minded: Don't use Facebook to log in to other sites and software unless you want Facebook to have data on what you're doing. Fair enough. But what to do when Zoom gets caught sending some of your analytics data to Facebook -- whether or not you even have a Facebook account? 

An analysis by Vice's Motherboard found the iOS version of the Zoom app doing exactly that. Courtesy of Facebook's Graph API, Zoom was telling Facebook whenever you opened the Zoom app, what phone or device you were using, and your phone carrier, location and a unique advertising identifier. Motherboard also reported that Zoom had updated its iOS app so the app would stop sending certain data to Facebook.

In a March 2020 blog post, Zoom addressed the issue, noting "our customers' privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our iOS client and have reconfigured the feature so that users will still be able to log in with Facebook via their browser."

001-facebook-app-logo-on-phone-2021

Zoom can share information with third parties, including Facebook.

Sarah Tew/CNET

As late as March 2020, Zoom's privacy policy contained some breezy language about its relationship to third-party data crunchers, which gives one reason to question where else -- and to what extent -- that data was being shared or sold that we didn't know about.

"Zoom does use certain standard advertising tools which require Personal Data (think, for example, Google Ads and Google Analytics). We use these tools to help us improve your advertising experience (such as serving advertisements on our behalf across the Internet, serving personalized ads on our website, and providing analytics services)," the policy said at the time. "Sharing Personal Data with the third-party provider while using these tools may fall within the extremely broad definition of the 'sale' of Personal Data under certain state laws because those companies might use Personal Data for their own business purposes, as well as Zoom's purposes."

But at the end of March, Zoom updated its privacy policy. In a statement following the move, Zoom said that while it wasn't changing any of its actual practices, it wanted to make its language clearer. Regarding its relationship to third-party data handlers described above, the company drew a line in the sand between its product and its website. "This only pertains to user activity on the zoom.us website. No data regarding user activity on the Zoom platform -- including video, audio, and chat content -- is ever provided to third parties for advertising purposes," the company said.

You should probably review your Zoom and device security settings with an eye toward minimizing permissions, and make sure any anti-tracking software on your device is up to date and running. 

It may not help, but it can't hurt.

For more, check out how to use the sneaky Zoom Escaper tool to get out of your meetings, and how to combat Zoom anxiety

Now playing: Watch this: 3 video calling alternatives to Zoom
3:34