University Researchers Use AI to Highlight Zoom’s Privacy Risks
University researchers used artificial intelligence (AI) in an experiment to determine the extent of privacy risks associated with using the popular web conferencing tool Zoom. Publicly available data scraped from a number of social networks was cross-referenced as part of this research.
Online technology publication VentureBeat recently published an article that highlights research conducted by Ben-Gurion University on Zoom privacy. The research includes the use of public screenshots of video meetings analyzed along with publicly accessible content curated from Instagram and Twitter using simple searches on keywords and hashtags.
The process made use of over 15,700 publicly available meeting screenshots processed through Microsoft Azure Face API, allowing researchers to differentiate 1,153 unique faces from the 140,000 rendered. Researchers were then able to determine the gender and age of each face and further cross-reference that data with text recognition to extract 85,000 usernames. They were further able to cross-reference their findings against public social network accounts to determine identities and other personal information.
Source: SoftwareReviews Product Scorecard. Accessed July 22, 2020.
The research goes on to recommend privacy risk mitigation techniques, such as using pseudo-names, hiding backgrounds, and implementing video filters that can foil facial recognition software. The full research paper can be viewed here: Zooming Into Video Conferencing Privacy and Security Threats.
What the Ben-Gurion University research really underscores is a privacy concern that exists across all publicly accessible platforms and the ease of uncovering information about an individual with a bit of effort and the use of mainstream technology. If nothing else is taken from this learning, everyone needs to begin verifying the privacy settings of their accounts on all social media networks!
To be fair to Zoom, the privacy risks highlighted in the VentureBeat article and the research paper are not due to shortcomings in the Zoom product itself but rather to human behaviors in the use of the product, such as posting screenshots or cell phone camera pictures of Zoom meeting sessions. The Ben-Gurion research acknowledges that this is a limitation of the research but does not explicitly note that the breach of privacy is a human factor.
The privacy concern is internet-wide. The Ben-Gurion research uses information from social network accounts whose content is publicly accessible to extract the additional information to correlate against its face and text detection findings. Social network providers do not do enough to alert users to the public nature of their posts; in many cases, the default setting is “public” and it is up to the user to remember to set their settings to “private” or “friends only.” Today’s social networks provide options to opt out of marketing settings that govern the sharing of information and privacy settings that switch the default privacy of new posts. Unfortunately, users remain unaware of this and assume that the default settings are secure, which allows the social network and external parties to prey on their ignorance.
The use of social networks to gain access to people’s identities is becoming more prevalent in today’s connected world. One recent example of this is the legally ambiguous use of social networks by a federal agency to identify individuals for arrest.
Users must consider two key actions to take in order to safeguard their personal profiles:
- Do not post pictures or screenshots of your web conferencing meetings. No measure of privacy protection technology will guard against this type of circumvention.
- Carefully review the privacy settings of all social media accounts. Some social networks allow you to review your profile using a “View As” function, where you view your profile as a member of the public. Failing that, assume that your profile is public to the world and take appropriate precautions.
Info-Tech Research Group is staying on top of these developments. Watch this space for more updates!