The service is used by teachers who have to give distance courses, artists who perform live, and friends who want to celebrate a birthday together even though they are miles apart, confined to their homes during the fight against Covid-19. But Zoom, the videoconferencing application that is currently on the rise, is also of interest to American judicial authorities.

A class action lawsuit was filed in California, Monday, March 30, arguing that the application had illegally shared sensitive personal data with Facebook. On the same day, the New York attorney general's office sent a letter to the U.S. start-up seeking clarification on how users' privacy is protected.

Zoom's spectacular success since the start of the coronavirus epidemic has caught the attention of both online privacy organizations and hackers. The teams behind the videoconferencing app had to hastily modify some of its most questionable functions, but gray areas remain which could earn the company, created nine years ago, a full investigation by the American authorities.

A minefield for privacy

Until last week, the 15 million or so users were walking through a privacy minefield when they joined Zoom for a virtual work meeting with colleagues or simply sought to maintain a semblance of social contact by organizing a video chat with others.

The long list of concerns gave rise to a vitriolic report on March 24 from the highly respected Consumer Reports, the American equivalent of 60 Millions de consommateurs. Zoom did not stop at the advertising uses of certain personal information that are commonplace in Silicon Valley. The privacy policy also states that the service can "share with third parties" the content of discussions and videos.

In other words, a psychoanalysis session held over Zoom, or even schoolchildren's answers during a distance course, could be used by advertisers. Worse, these images could, in theory, be exploited by companies working on facial recognition software, Consumer Reports points out.

An analysis of the application by the American site Vice also showed that Zoom prepared a personalized report on each user specifically for Facebook.

"Zoom doesn't necessarily do all that, but the terms and services of its application give it a lot of leeway in this area," writes Bill Fitzgerald, privacy specialist for Consumer Reports.

The start-up is not the only one to have great power over the content of the videos. The administrators of each session (such as employers who organize a meeting) can recover the entire videoconference, and can know at any time who connects to the service and how long they use it. Zoom even offers the possibility of being alerted if a participant in a videoconference spends more than thirty seconds roaming elsewhere on the Internet. It is difficult, therefore, to make a discreet detour to YouTube while a colleague gives a boring presentation ... A level of "policing 2.0" that has alarmed privacy advocates.

Zoombombing and hacked webcam

Criticized on all sides, Zoom carried out a major update of its terms of use on Sunday, March 29, which addressed most of the criticisms. The young company has, in particular, committed to no longer share personal information with Facebook and now states that the content of a video cannot be used for advertising purposes.

There remain the IT security concerns that are at the heart of the New York Attorney General's office's interest in Zoom. "We would like to know if the existing IT security practices are sufficient to cope with the sudden increase in volume and sensitivity of the data passing through Zoom's servers," the New York judicial authority asks.

In recent days, hackers have discovered a flaw allowing them to join a videoconference uninvited and to broadcast their own content on one of the shared screens. This phenomenon, called "Zoombombing", has invaded virtual classes in the United States: hackers project pornographic, racist or anti-Semitic videos there. On March 24, for example, a neo-Nazi interrupted a course on anti-Semitism by exhibiting a swastika tattoo on his chest, the Anti-Defamation League reported.

This risk of exposing the youngest to hate or sexual content has prompted several American schools to advise against using Zoom for distance learning. A paradox for the New York prosecutor's office, which regrets that this tool "perfectly adapted to ensure academic follow-up" during the confinement period risks being boycotted because of computer security breaches.

But this is not the only problem. Last year, a flaw was discovered in the application allowing hackers to take control of the webcams used by participants in a videoconference. Zoom did not correct the problem until 90 days after being notified.

For the New York prosecutor's office, this slowness to react does not bode well now that Zoom has invaded millions of homes around the world. This is why it would like to make sure that the service has closed, as far as possible, the loopholes that could be exploited by malicious actors.

Zoom said it wanted to "fully cooperate" with the authorities. The start-up seems determined to react to criticism so as not to tarnish its reputation at a key time for its growth. But what about the practices of its competitors - Houseparty, Bunch and others - which are also gaining popularity without being subject to the same vigilance from the authorities? These are all services which, although useful in this period of confinement, risk adding a new level of surveillance, whether by advertisers or employers. After states that are increasingly using telephone data to ensure compliance with confinement rules, these videoconferencing tools are another demonstration of one of the paradoxes of this epidemic: the more individuals have to isolate themselves, the less privacy they seem to have.
