For Americans sheltering at home during the coronavirus pandemic, the Zoom videoconferencing platform has become a lifeline, enabling millions of people to easily keep in touch with family members, friends, students, teachers and work colleagues.
But what many people may not know is that, until Thursday, a data-mining feature on Zoom allowed some participants to surreptitiously access LinkedIn profile data about other users -- without Zoom asking for their permission during the meeting or even notifying them that someone else was snooping on them.
The undisclosed data mining adds to growing concerns about Zoom's business practices at a moment when public schools, health providers, employers, fitness trainers, prime ministers and dance parties are embracing the platform.
An analysis by The New York Times found that when people signed in to a meeting, Zoom's software automatically sent their names and email addresses to a company system it used to match them with their LinkedIn profiles.
[CORONAVIRUS: Click here for our complete coverage » arkansasonline.com/coronavirus]
The data-mining feature was available to Zoom users who subscribed to a LinkedIn service for sales prospecting, called LinkedIn Sales Navigator. Once a Zoom user enabled the feature, they could quickly and covertly access LinkedIn profile data -- like locations, employer names and job titles -- for people in their Zoom meetings by clicking on a LinkedIn icon next to their names.
The system did not simply automate the manual process of one user looking up the name of another participant on LinkedIn during a Zoom meeting. In tests conducted last week, The Times found that even when a reporter signed in to a Zoom meeting under pseudonyms -- "Anonymous" and "I am not here" -- the data-mining tool was able to instantly match him to his LinkedIn profile. In doing so, Zoom disclosed the reporter's real name to another user, overriding his efforts to keep it private.
Reporters also found that Zoom automatically sent participants' personal information to its data-mining tool even when no one in a meeting had activated it. This week, for instance, as high school students in Colorado signed in to a mandatory video meeting for a class, Zoom readied the full names and email addresses of at least six students -- and their teacher -- for possible use by its LinkedIn profile-matching tool, according to a Times analysis of the data traffic that Zoom sent to a student's account.
The discoveries about Zoom's data-mining feature echo what users have learned about the surveillance practices of other popular tech platforms over the past few years. The video-meeting platform that has offered a welcome window on American resiliency during the coronavirus -- providing a virtual peek into colleagues' living rooms, classmates' kitchens and friends' birthday celebrations -- can reveal more about its users than they may realize.
"People don't know this is happening, and that's just completely unfair and deceptive," Josh Golin, executive director of the Campaign for a Commercial-Free Childhood, a nonprofit group in Boston, said of the data-mining feature. He added that storing the personal details of schoolchildren for non-school purposes, without alerting them or obtaining a parent's permission, was particularly troubling.
Early Thursday morning, after Times reporters contacted Zoom and LinkedIn with their findings on the profile-matching feature, the companies said they would disable the service.
In a statement, Zoom said it took users' privacy "extremely seriously" and was "removing the LinkedIn Sales Navigator to disable the feature on our platform entirely." In a related blog post, Eric S. Yuan, the chief executive officer of Zoom, wrote that the company had removed the data-mining feature "after identifying unnecessary data disclosure." He also said that Zoom would freeze all new features for the next 90 days to concentrate on data security and privacy issues.
In a separate statement, LinkedIn said it worked "to make it easy for members to understand their choices over what information they share" and would suspend the profile-matching feature on Zoom "while we investigate this further."
The Times findings add to an avalanche of reports about privacy and security issues with Zoom, which has quickly emerged as the go-to business and social platform during the pandemic. Zoom's cloud-meetings service is currently the top free app in the Apple App Store in 64 countries including the United States, France and Russia, according to Sensor Tower, a mobile app research firm.
In response to news reports on its problems, Zoom recently announced that it had stopped using software in its iPhone app that sent users' data to Facebook, updated its privacy policy to clarify how it handles user data, and conceded that it had overstated the kind of encryption it used for video and phone meetings.
Zoom also is removing some controversial features, including an "attention-tracking" option that allowed a host to be alerted when the system suspected a call participant was looking elsewhere.
Federal and state authorities have begun asking questions about how the software monitors and protects Americans' video streams.
Information for this article was contributed by Aaron Krolik and Natasha Singer of The New York Times; and by Drew Harwell of The Washington Post.
Business on 04/03/2020