Wednesday , September 23 2020
Home / ARTIFICIAL INTELLIGENCE / why should you be wary of Zoom and Houseparty video conferencing applications?

why should you be wary of Zoom and Houseparty video conferencing applications?

Downloaded millions of times around the world, these two video conferencing applications have been extremely successful due to containment. It also highlighted problems with the management of users' personal data.

With the containment imposed in many countries due to the coronavirus pandemic, the use of communication applications is exploding. The Zoom and Houseparty applications benefited from this enthusiasm. If these two American applications allow telecommuting or aperitifs with friends, they are also singled out for their use of personal data. Unclear confidentiality policies, general data protection regulations (GDPR) not respected, conversations not encrypted … The True False Unit of Franceinfo explains to you.

On March 26, Motherboard, one of the reference sites of the American tech press, reveals that Zoom, on its version for iPhone, sent data to Facebook on its users, even if they were not registered on the platform . This information related to the phone model used, the time zone or the IP address. An unsurprising practice. “The principle is to recover data to make corrections”, explains Jean-Marc Bourguignon to franceinfo. The technical director of Noting2Hide, an association that offers tools to citizens to protect their personal information, explains that the fact of passing up these so-called data “telemetry” is legal. . Among other things, this process “to improve the software”, or to make updates.

However, the lack of transparency on this subject is problematic. Before Zoom rectified its privacy policy on March 28, nothing on its site told users that their data was being sent to Facebook. It was just said that Zoom could harvest your “Facebook profile information when you use Facebook to connect to [leur] products “. However, no mention was made of the personal data that the social network received. The day after Motherboard's revelations, Zoom apologized on its blog and announced the removal of this feature. For the modification to be effective, the user is invited to update the application. This did not stop Letitia James, Attorney General of New York State, from sending her a letter to “ensuring that society takes appropriate measures to guarantee the privacy and security of users”, said a spokesperson for the prosecutor.

Neither Zoom nor Houseparty encrypts the conversations from start to finish. “Conversations are encrypted between the users themselves, but not between the users and the servers of Zoom and Houseparty”, says Jean-Marc Bourguignon. The two services can therefore decrypt the information on their servers and access user information. Houseparty clearly explains in its privacy policy to be “free to use the content of all communications made via its services, including any idea, invention, concept or technique” even for “develop, design or sell goods and services”.

If you are a company for example and you intend to exchange secret information know that Houseparty and Zoom can access your conversations.Suzanne de Vergnolle
doctoral student in law and specialist in the protection of personal data
at franceinfo

Accessing communications is annoying because “there is a principle of secrecy of communications”, explains Suzanne Vergnolle to franceinfo. However, the doctoral student in law at Paris II Panthéon-Assas University and specialist in the protection of personal data recalls that from the moment the user accepts the conditions of the service in full awareness, the latter has fulfilled his obligation to 'information. Despite this, several questions arise, according to Suzanne Vergnolle, regarding the use made of the content of the conversations, in particular in terms of intellectual property protection.

Cyber ​​security research firm Check Point Research has revealed another flaw in the Zoom platform. It allows people to invite themselves to meetings to broadcast pornographic images, to utter racist insults or simply to listen to conversations. The FBI office in Boston also said on Monday March 30 in a statement “have received several reports of teleconferences disrupted by pornographic or hateful images and threatening language”. This happens when a video conference room has not been set up with a password. Again, Zoom has announced that it has corrected the problem.

The application downloaded 115,000 times in France during the week of March 16 has also been criticized for its “attendee attention tracking” tools, for “attention indicator” in French. This feature allows the host of a meeting to know the behavior of his guests, in particular to know if they change windows to go to a site other than that of the meeting for example. According to Zoom, which is justified on its website, this functionality is intended so that teachers can keep an eye on the attention of their students.

The Zoom and Houseparty applications collect very large personal data. Houseparty clearly details this in its privacy policy. This ranges from the name of the mobile operator and geolocation information to “pages you visit before and after using the services”. For Suzanne Vergnolle, “if Houseparty is transparent enough about the data collected, that does not mean that it respects European law”. The doctoral student specializing in the protection of personal data believes that the principle of minimization, present in the General Data Protection Regulations (GDPR), is not respected. This principle guarantees that personal data must be adequate, relevant and limited to what is necessary with regard to the purposes for which it is processed. Compliance with the GDPR is mandatory within the European Union, but also applies to organizations outside the EU from the moment their activity targets European residents.

As for the Zoom application, it changed its privacy policy twice between March 18 and March 29. For Suzanne Vergnolle, this is not reassuring and questions the concrete implementation of the principles of data protection. Finally, Zoom will probably still have to change its privacy policy again since researchers have just discovered, Thursday April 2, four new computer vulnerabilities.

If a French internet user believes that their data is not being used in accordance with the GDPR, they can appeal to the National Commission for Data Protection (Cnil). It is also possible to ask the company to exercise a right of erasure.

Leave a Reply

Your email address will not be published. Required fields are marked *