The privacy and security of video conferencing are far from perfect

If, prior to COVID-19, you were concerned about all the data tech companies had about you, just wait. As orders to stay home spur more professional and social activities online, it is becoming increasingly difficult to maintain control.

Look no further, Zoom, which suffered from dual security and privacy crises in recent weeks. Lawsuits alleging data-sharing violations and hackers have fallen on the software, prompting Google and school districts to ban Zoom for professional use.

I am a researcher investigating how these concerns affect the use of online platforms. The first thing to understand is that privacy and security are two different things, and have different consequences for the use of video conferencing platforms.

Privacy versus security

Privacy refers to the universal rights of people to control their data. Security is how that data is protected. One or both can be compromised when using popular video conferencing tools, leaving personal information vulnerable.

For example, suppose someone subscribes to a new video conferencing platform using their full name, email address, and phone number. Ideally, the platform company would maintain both privacy and security, which means that the company would not share that person’s information outside of the company, and would keep its system protected from hackers and viruses. More private platforms, such as Signal and FaceTime, use end-to-end encryption to ensure that even companies themselves don’t have access to anyone’s communication content. When such systems are kept secure, they are the best communication tools to use.

Alternatively, a company could compromise privacy but maintain security, which means it would collect information about video calls and sell that data to a third party for marketing purposes. Many companies will include such conditions in their terms of service, which users rarely read. However, companies have incentives to maintain security; they do not want to be invaded by criminals or pranksters, which could damage their reputation.

The worst case scenario is when a company gives up both privacy and security, which means they share personal information with third parties and cannot avoid data breaches. These companies’ offerings are the riskiest digital tools and, unfortunately, they are all too common.

This is how some of the most popular video conferencing services compare.

Video conferencing options

Zoom’s most current privacy policy states that the company “does[es] not allow third parties to use personal data obtained from users for their own purposes, unless you authorize it. “However, Zoom is currently facing a lawsuit alleging that it violated this agreement and shared user data with Facebook. The company It claims that this was a breach of security, not privacy, and that it was not compensated for by the exchange of data.

Zoom has also been criticized for security flaws that have allowed “Zoom-bombers” to intrude on personal calls, often using profane or objectionable content. The company admitted that it has failed to protect users’ privacy and security and is working to fix the problems.

Microsoft Teams privacy policy leaves no doubt. It explicitly states that it “collects data from you, through our interactions with you and through our products.” You are direct about using this information to market users, personalize their experiences, and even participate in legal research. In other words, don’t make privacy assumptions here: all personal data on the platform is fair game.

To differentiate their security from Zoom, Microsoft teams have implemented two-factor authentication, which means that passwords are not enough. Users must also enter email or text codes to log in. Microsoft’s software family, though not specifically Teams, faced a number of security issues this year, including a breach of its customer service center that exposed 14 years of information. The jury still doesn’t know if it’s a safer alternative to Zoom.

Unlike Zoom and Teams, Webex offers hosts the option of end-to-end encryption, which means that only the sender of a message and its recipient have access to the data it contains. This is a strong privacy feature, but it is elective and tends to limit the utility of the tool.

Webex is not immune to security breaches, but the difference between this company and its competitors is its transparency and fast patches. The platform actively maintains a public list of vulnerabilities, which documents how the company has resolved them.

Skype has a privacy problem. It shares user data with third parties, throughout the Microsoft family, and even with law enforcement when requested. In a benign effort to improve customer service, he allowed employees to access recordings of Skype conversations from their personal computers over a period of several years. Those tasks have been transferred to a secure installation, but it doesn’t change the fact that if you’ve been using Skype lately, your privacy has been compromised.

Like Teams, Skype uses two-factor authentication, but it was also likely compromised in Microsoft’s massive violation of customer service earlier this year.

Long before Facebook acquired WhatsApp, the video chat service provided end-to-end encryption on calls and messages. Chat privacy here is, and always has been, protected.

However, WhatsApp suffered a very public security breach when Jeff Bezos’s personal messages were compromised by spyware and leaked. That was one of the 12 vulnerabilities the platform faced last year.

Apple’s FaceTime also has end-to-end protections, and the company has upheld its commitment to privacy by rejecting FBI requests to access users’ devices. You are positioning yourself as a user privacy manager.

Like other services, FaceTime has been susceptible to occasional security attacks. In early 2019, users reported a security flaw in their group calls where recipients were able to hear and see callers before answering. The feature was disabled and patched, and the service has been without a major incident since then.

Settings and choices

On all of these platforms, people must use complex passwords, activate enhanced security features such as use of waiting rooms and channel moderation, and ensure that conferences are restricted to guests. It’s also important to note what can be seen on camera, such as a loan statement pinned to a bulletin board or an envelope with a visible home address. Try video conferencing against a neutral wall, or use blurry or custom backgrounds to keep the home environment off camera.

There is still room on the market for more secure and reliable private video conferencing systems. But in the meantime, not all communications require the same levels of privacy and security. People may not care much if vendors or even pranksters ruin their G-rated happy hours, but confidential customer meetings and remote health care consultations are another matter. The company tracking offers and logs, outlined here, should help people choose the video conferencing tool that best balances utility with privacy and security.

---

---

This article is republished from The Conversation under a Creative Commons license. Read the original article.