Comprehensive software reviews to make better IT decisions
University Researchers Use AI to Highlight Zoom’s Privacy Risks
University researchers used artificial intelligence (AI) in an experiment to determine the extent of privacy risks associated with using the popular web conferencing tool Zoom. Publicly available data scraped from a number of social networks was cross-referenced as part of this research.
Online technology publication VentureBeat recently published an article that highlights research conducted by Ben-Gurion University on Zoom privacy. The research includes the use of public screenshots of video meetings analyzed along with publicly accessible content curated from Instagram and Twitter using simple searches on keywords and hashtags.
The process made use of over 15,700 publicly available meeting screenshots processed through Microsoft Azure Face API, allowing researchers to differentiate 1,153 unique faces from the 140,000 rendered. Researchers were then able to determine the gender and age of each face and further cross-reference that data with text recognition to extract 85,000 usernames. They were further able to cross-reference their findings against public social network accounts to determine identities and other personal information.
Source: SoftwareReviews Product Scorecard. Accessed July 22, 2020.
The research goes on to recommend privacy risk mitigation techniques, such using pseudo-names, hiding backgrounds, and implementing video filters that can foil facial recognition software. The full research paper can be viewed here:Zooming Into Video Conferencing Privacy and Security Threats.
What the Ben-Gurion University research really underscores is a privacy concern that exists across all publicly accessible platforms and the ease of uncovering information about an individual with a bit of effort and the use of mainstream technology. If nothing else is taken from this learning, everyone needs to begin verifying the privacy settings of their accounts on all social media networks!
To be fair to Zoom, the privacy risk highlighted in the VentureBeat article and the research paper are not due to shortcomings in the Zoom product itself but rather to human behaviors in the use of the product, such as posting screenshots or cell phone camera pictures of Zoom meeting sessions. The Ben-Gurion research acknowledges that this is a limitation of the research but does not explicitly note that the breach of privacy is a human factor.
The privacy concern is internet-wide. The Ben-Gurion research uses information from social network accounts whose content is publicly accessible to extract the additional information to correlate against its face and text detection findings. Social network providers do not do enough to alert users to the public nature of their posts; in many cases, the default setting is “public” and it is up to the user to remember to set their settings to “private” or “friends only.” Today’s social networks provide options to opt out of marketing settings that govern the sharing of information and privacy settings that switch the default privacy of new posts. Unfortunately, users remain unaware of this and assume that the default settings are secure, which allows the social network and external parties to prey on their ignorance.
The use of social networks to gain access to people’s identities is becoming more prevalent in today’s connected world. One recent example of this is the legally ambiguous use of social networks by a federal agency to identify individuals for arrest.
Users must consider two key actions to take in order to safeguard their personal profiles:
- Do not post pictures or screenshots of your web conferencing meetings. No measure of privacy protection technology will guard against this type of circumvention.
- Carefully review the privacy settings of all social media accounts. Some social networks allow you review your profile using a “View As” function, where you view your profile as a member of the public. Failing that, assume that your profile is public to the world and take appropriate precautions.
Info-Tech Research Group is staying on top of these developments. Watch this space for more updates!
Want to Know More?
Google has announced several updates to its G-Suite offering, which aims to heavily integrate and better secure its teamwork applications. The move represents a clear attempt by Google to directly compete with Microsoft’s office productivity suite, with several of the G-Suite updates mirroring the logical architecture of Office 365.
As of July 1, 2020, over 70,000 small business users receiving their Microsoft 365 services from Navisite will now receive them from Intermedia. The move means that Navisite’s users now have access to a range of Intermedia offerings, including Unite, Contact Center, and AnyMeeting.
Zoom recently announced Zoom for Home: an all-in-one hardware and software for home users designed to enable the work-from-home user with a single home appliance for web conferencing, phone calling, and interactive whiteboard collaboration.
Thinking about choosing a new software vendor but don't know where to start? Narrow down your shortlist by focusing on software that has received an Info-Tech Research Group award. New data from SoftwareReviews shows that organizations reported higher satisfaction when they switched to software that had received an Info-Tech award.
As Zoom approaches the end of its 90 day moratorium on enhancements to focus on security, the company names Jason Lee, SalesForce’s former SVP of Security Operations, as its new CISO.
Moving townhall meetings online can present a range of virtual problems – not least, which web conferencing tool to use! This note explores how Microsoft Teams can be used by governmental bodies to remotely host their townhalls and other public engagements.
Upgrading one’s videoconferencing hardware is an important long-term investment that revolves around several decision points. This note offers a process for thinking about these decision points.
Two new vulnerabilities in Zoom’s web conferencing software were discovered in early June 2020. The vulnerabilities could allow malicious actors the ability to execute arbitrary code on target hosts and exploit path traversal vulnerabilities in the software. Zoom’s latest update addresses and remediates the vulnerabilities.
Zoom’s security consultant has announced that it will be providing strong encryption to paying customers and educational users of its web conferencing service. The move is being made in consultation with industry security consultants and privacy advocates.