Thursday, March 26, 2020

Zoom Attention Tracking and Facebook

Wolfgang (Hacker News):

ZOOM monitors the activity on your computer and collects data on the programs running and captures which window you have focus on.

If you manage the calls, you can monitor what programs users on the call are running as well.

EFF (Hacker News):

The host of a Zoom call has the capacity to monitor the activities of attendees while screen-sharing. This functionality is available in Zoom version 4.0 and higher. If attendees of a meeting do not have the Zoom video window in focus during a call where the host is screen-sharing, after 30 seconds the host can see indicators next to each participant’s name indicating that the Zoom window is not active.


Zoom allows administrators to see detailed views on how, when, and where users are using Zoom, with detailed dashboards in real-time of user activity. Zoom also provides a ranking system of users based on total number of meeting minutes. If a user records any calls via Zoom, administrators can access the contents of that recorded call, including video, audio, transcript, and chat files, as well as access to sharing, analytics, and cloud management privileges.

See also: Nick Heer.


When someone sends you a zoom invite, cancel the download, then click the having problems link to download again. Cancel it again. It will show you a link to join by browser.

Joseph Cox (tweet, Hacker News):

What the company and its privacy policy don’t make clear is that the iOS version of the Zoom app is sending some analytics data to Facebook, even if Zoom users don’t have a Facebook account, according to a Motherboard analysis of the app.

This sort of data transfer is not uncommon, especially for Facebook; plenty of apps use Facebook’s software development kits (SDK) as a means to implement features into their apps more easily, which also has the effect of sending information to Facebook. But Zoom users may not be aware it is happening, nor understand that when they use one product, they may be providing data to another service altogether.


Update (2020-04-10): Joseph Cox:

On Friday video-conferencing software Zoom issued an update to its iOS app which stops it sending certain pieces of data to Facebook.

David Heinemeier Hansson:

Zoom has stopped the data leakage to Facebook. That’s good. But their privacy policy is still a complete trash fire that belittles privacy legislation, and grants themselves the right to do exactly what they were just caught doing.

Eric S. Yuan (Hacker News):

We originally implemented the “Login with Facebook” feature using the Facebook SDK for iOS (Software Development Kit) in order to provide our users with another convenient way to access our platform. However, we were made aware on Wednesday, March 25, 2020, that the Facebook SDK was collecting device information unnecessary for us to provide our services.

Will Strafach:

absolutely wild how companies are comfortable admitting that they have no clue what kinds of code they are including in their apps, and have to be “made aware” of what their own apps are doing.

John Gruber (tweet):

This Facebook data issue is nowhere near as bad as the web server issue. But it betrays Zoom’s institutionally cavalier attitude to privacy. Their privacy policy more or less grants them carte blanche to do whatever the hell they want.

Mistakes happen. Bugs happen. I not only forgive mistakes, I enjoy forgiving mistakes. But Zoom’s callous disregard for privacy does not seem to be a mistake. As Zoom itself said about the hidden web server they secretly installed on Macs, it’s a feature not a bug.

Joseph Cox:

On Monday a user of the popular video-conferencing software Zoom filed a class action lawsuit against the company for sending data to Facebook. The lawsuit argues that Zoom violated California's new data protection law by not obtaining proper consent from users about the transfer of the data.

5 Comments RSS · Twitter

Are the Facebook privacy issues only if you log in to Zoom with your Facebook credentials, or is this a thing regardless how you log in?

@Lee It sounds like it was regardless of how you logged in, perhaps simply as a result of loading the Facebook SDK.

Looks like Zoom revised the SDK use to resolve this.

[…] Zoom Attention Tracking and Facebook via mjtsai’s blog […]

[…] and one application that has become popular is Zoom. Unfortunately this app has multiple (link, link, link) security and privacy […]

Leave a Comment