Beware online privacy in the new age of remote working

Man video-conference colleagues

As well causing a big spike in the number of VPN users around the world, the global coronavirus lockdown has also been a boom-time for a number of remote working platforms.

One of the biggest beneficiaries has been Zoom which has seen a huge spike in users as people turn to it as a teleconference provider for both professional and personal reasons.

But this growth in users has seen much more attention being paid to how Zoom works and already this has revealed some worrying privacy risks that all users should be aware of.

Zoom’s privacy problem

2020 has been a remarkable year for Zoom. In the first two months of the year, it added more users than in the whole of 2019 and it is already the video-conferencing software of choice for the UK Government as well as countless companies across the UK and beyond.

But with even Cabinet meetings being held on Zoom, you might expect it to be a secure and private piece of software. Not so. Privacy experts have been looking closely at Zoom in recent weeks and they have some big concerns.

Let’s begin with a positive.

In the Zoom privacy policy it sort of states that they will not sell user data on to third parties. The wording here is not as precise as we would like to see, but it is certainly better than nothing.

But the Zoom privacy policy does admit that it uses “certain standard advertising tools… which require personal data.” These appear to be things like Google Analytics and Google Ads. Their iOS app also used to send data to Facebook by default, but Zoom have now pulled this bit of code in the face of fierce criticism.

These tools also appear to have access to what Zoom describes as “customer content”. This broad definition appears to include such specific details as the names of every user on a call, the video footage generated, the contents of any documents shared and transcripts of what was said on the call.

This is a huge amount of potentially confidential and private information and Zoom has found itself stuck in a hailstorm of criticism once this information emerged.

Zoom’s defence

They have attempted to deal with the issue by publishing a blog post that seeks to reassure users. They are at pains to stress that user privacy is a key priority for them and insist that “no data regarding user activity on the Zoom platform – including video, audio, and chat content – is ever provided to third parties for advertising purposes”.

Commenting to Wired, a Zoom spokesperson said that the platform has “layered safeguards in place to protect our users’ privacy, which includes preventing anyone, including Zoom employees, from directly accessing any data that users share during meetings, including – but not limited to – the video, audio and chat content of those meetings.”

But privacy experts remain convinced that Zoom’s policy allows it to access far more personal data than is strictly necessary. They also say it gives the host of a call a lot of power too.

Zoom’s default settings allow the host to record any video, audio, or text content from any user. They can also monitor whether other users are paying attention to the camera.

Some of these settings can be switched off but they are almost all enabled by default and in the rush to find a video-conferencing tool, many people will not have considered checking the settings at all.

Most privacy advisors recommend looking at the settings before using Zoom. They also suggest clearing your cookies and temporary files after each call to stop Zoom and its advertisers tracking your activity. Ideally, you should also use a unique email address for Zoom that is not used for any other sensitive content.

Note-taking app security concerns

Zoom is not the only newly popular online tool that is raising concerns.

A study conducted by privacy-focused search engine DuckDuckGo has revealed how many American citizens are using note-taking apps to store sensitive information without giving any consideration to how secure these programmes are.

According to DuckDuckGo, 45.3% of the 1,029 people surveyed had used a note-taking app to store things like login credentials, social security numbers, credit card information, and security or PIN codes. In the current climate, this is likely to be even higher.

While a lot of note-taking apps like Microsoft’s OneNote do give users the option to encrypt and password-protect their notes, this feature has to be enabled manually.

Yet 58.2% of people didn’t realize that many notes apps don’t encrypt notes by default. This suggests that almost two-thirds of users were making no effort to secure their notes because they assumed they were already protected.

Evernote, the most popular note-taking app does let you encrypt text within a note, but you cannot encrypt either an entire note or any other type of file you might be storing on your notes. The only way to keep these documents secure is to password protect them elsewhere before uploading them onto Evernote.

Remote working is inevitably going to lead to a big increase in the number of users of apps and software like Zoom and Evernote. But with increased research revealing the serious privacy limitations many of these apps have, it is important that new users go into this new world with their eyes open.

We understand that you need to keep working and find online tools fast. But take a moment to look at the small print and do a little research to see just how secure and private the new apps you are using are.

Remember, remote working is likely to be a boom-time for hackers too and neither you nor your business wants to find yourselves falling victim to an unnecessary hack when a little time and consideration could have left you using online tools that were not just functional, but also private and secure.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *