If, before COVID-19, you were concerned about all thedata that technology companies had about you, just wait. As stay-at-home orders push more professional and social activities online, it’s becoming harder to remain in control.
Look no further than Zoom, which suffereddual security and privacy crisesin the past few weeks. Lawsuits alleging data sharing violations and hackers have descended on the software, which has ledGoogle and school districts to ban Zoomfor professional use.
I’m a researcher who investigateshow these concerns affect the use of online platforms. The first thing to understand is that privacy and security are two different things, and they have different consequences for using videoconferencing platforms.
Privacy versus security
Privacy refers to individuals’universal rightsto control their data. Security is how that data is protected. One or both can be compromised when using popular videoconferencing tools, leaving personal information vulnerable.
For example, say someone signs up for a new videoconferencing platform using full name, email address and phone number. Ideally, the platform company would maintain both privacy and security, meaning the company wouldn’t share that person’s information outside the company, and would keep their system protected from hackers and viruses. The most private platforms, likeSignalandFaceTime, use end-to-end encryption to ensure that even the companies themselves do not have access to the contents of anyone’s communication. When such systems are kept secure, they are the best communication tools to use.
Alternatively, a company could compromise privacy but maintain security, meaning it would collect information about video calls and sell that data to a third party for marketing purposes. Many companies will include such conditions in their terms of service,which users rarely read. However, companies have incentive to maintain security; they don’t want to be overrun with criminals or pranksters, which could damage their reputations.
Worst case is when a company surrenders both privacy and security, meaning they share personal information with third parties, and theyfail to prevent data breaches. Offerings from these companies are the riskiest of all digital tools, and unfortunately, they’re all too common.
Here’s how some of the most popular video conferencing services stack up.
Zoom has also come under fire for security flaws that have allowed “Zoom-bombers” to intrude on personal calls, often using profane or obnoxious content. The company admitted that it hasfallen short on protecting users’ privacy and securityand is working to fix the problems.
To differentiate its security from Zoom, Microsoft’s Teams has implementeddual-factor authentication, meaning passwords are not enough. Users need to also enter email or text codes to log in. The Microsoft family of software – though not Teams specifically – confronted a number of security problems this year, including abreach of its customer service centerthat exposed 14 years of information. The jury is still out on whether it’s a more secure alternative to Zoom.
Unlike Zoom and Teams, Webex offers hosts the option ofend-to-end encryption, meaning only the sender of a message and its recipient have access to the data within. This is a strong privacy feature, but it’s elective and tends to limit the usefulness of the tool.
Webex is not immune to security breaches, but the difference between this company and their competitors is their transparency and quick patches. The platform actively maintains apublic list of vulnerabilities, which documents how the company has resolved them.
Skype has a privacy problem. Itshares user datawith third parties, across the entire Microsoft family, and even with law enforcement when asked. In a benign effort to improve customer service, itallowed employees to access recordings of Skype conversationsfrom their personal computers over a period of several years. Such tasks have since been transferred to a secure facility, but it doesn’t change the fact that if you’ve used Skype lately, your privacy has been compromised.
Like Teams, Skype uses dual-factor authentication but it was also likely compromised in themassive Microsoft customer service breachearlier this year.
Long before Facebook acquired WhatsApp, the video chat service providedend-to-end encryptionon calls and messages. The privacy of chats here are, and always have been, protected.
However, WhatsApp suffered a very public security breach when Jeff Bezos’ personal messages were compromised by spyware and leaked. That was one of12 vulnerabilitiesthe platform faced last year.
Apple’s FaceTime also boastsend-to-end protections, and the company has upheld its commitment to privacy byrefusing requests from the FBIto access user devices. It’s positioning itself as a steward of user privacy.
Like other services, FaceTime has been susceptible to occasional security hacks. In early 2019, users reported asecurity glitch in its group callswhere recipients could hear and see callers before answering. The feature was disabled and patched, and the service has been without a major incident since.
Settings and choices
Across all these platforms, people should use complex passwords, turn on enhanced security features, like the use ofwaiting roomsandchannel moderation, and make sure conferences are restricted to intended guests. It’s also important to consider what can be seen on camera, like a loan statement pinned to a bulletin board or an envelope with a home address visible. Try videoconferencing in front of a neutral wall or usingblurredorcustomizedbackdrops to keep the home environment off camera.
There’s still room in the market for more reliably secure, private videoconferencing systems. But in the meantime, not all communication requires the same levels of privacy and security. People might not care much if marketers or even pranksters crash their G-rated happy hours. But confidential client meetings and remote health care consultations are another matter. The companies’ offerings and track records, outlined here, should help people choose the videoconferencing tool that best balances usefulness with privacy and security.