In recent days, there has been a lively media debate about the privacy of Zoom, which is used for distance working and learning. The University of Oulu has reviewed the comments made and investigated the implementation of data security and data protection in Zoom, but this does not exclude the possibility that new issues related to data security will emerge in the future.
The Zoom service used by the University of Oulu is implemented as a service provided by CSC through NORDUnet. The service is located in Sweden and is used by the Nordic educational and scientific communities. The service's data security and data protection will comply with both European and national data protection laws.
The Zoom service provided by CSC is technically different from the free Zoom service provided by Zoom Video Communications, Inc in the USA.
Zoom's cloud recording has been blocked in the environment used by the University of Oulu. Thus, any recordings made of a teaching or meeting do not go outside the EU, but are stored on the user's device.
It has also been reported in the media that Zoom's iOS app (iPhone, iPad) transmits data from the device to Facebook, and Zoom has not disclosed the transmission of data in the privacy terms published in the app store. Data transfer was related to the app’s Facebook login feature, which passed data from the device to Facebook when the Zoom app was started or turned off. Zoom has removed the data transfer feature from its iOS app and released an updated version of the iOS app (4.6.9). Please, make sure you have the newest version in your mobile device. Through the Zoom app, only technical information about devices that cannot be directly identified by an individual user has been transmitted to Facebook.
One of Zoom’s old vulnerabilities has also reappeared in the media, that is allowing an attacker to spy on cameras or microphones from Apple MacBook users. The vulnerability was released in July 2019 and Zoom has already fixed the vulnerability in July 2019. It is always a good idea to use the latest software version of the applications and install the released security updates without delay.
In addition, there have been reports that some Zoom meetings have been attended by uninvited guests or disturbed by inappropriate videos. This is a common feature in remote meeting applications. If the meeting is held in public, anyone with a link to the meeting can attend. The meeting organizer can restrict access to the meeting, for example, by password or login, and specify whether to allow access to all or only registered users.
Last updated: 2.4.2020