Zoom has disabled a feature in its web conferencing
software that allowed the company to secretly gather data and match the
information with LinkedIn sources, giving some users the ability to identify
participants in the conference without their knowledge.
Following a New York Times investigation,
Zoom decided to eliminate its LinkedIn data mining entirely, citing privacy
concerns. It turns out that Zoom would send back data about participants and
then used LinkedIn to match the people.
Someone in the active conference with a LinkedIn Sales
Navigator account would be able to access LinkedIn-provided details without notifying
the participants. The investigation also revealed that even users logged in as
Anonymous were not safe — the data-mining feature would work just as well.
To make matters worse, the Zoom client would
automatically send personal information to the servers even if no one in the
meeting had the option activated. The company was most likely trying to stay
ahead and keep the information ready, just in case.
Data mining is nothing new, and social networks have been
using this strategy all the time, building shadow profiles for people before
they had an account. Zoom CEO, Eric S. Yuan said
the company “permanently removed the LinkedIn Sales Navigator app after
identifying unnecessary data disclosure by the feature.”
Zoom has been in the crossfire in the past few weeks as
more people have logged into its services following the shift to working from
home. Security problems started to crop up, such as the ones with Zoombombing,
Facebook SDK and the recent macOS Zoom installer.
Following all of these problems, the company is now
shifting its focus from bringing new features to fixing existing problems.
“Over the next 90 days, we are committed to dedicating
the resources needed to better identify, address, and fix issues proactively.
We are also committed to being transparent throughout this process,” also said