Zoom iOS shares your data with Facebook whether you have an account or not

An analysis conducted by Motherboard reveals yet another privacy flaw in the widely used video-conference program.

FilippoBacci/E+/Getty Images

As COVID-19 upends the world, Zoom's daily user base has shot up by 67 percent. With more workplaces and classrooms relying on this video-conferencing tool, its privacy vulnerabilities have become increasingly obvious and hard to ignore.

Depending on the tier of service one has, corporate administrators (who are called "hosts") can track the "attention" of attendees through a private feature, record and transcribe the content of meetings without the permission of attendees, drop into any meeting within their organization, and more. On top of that, Motherboard now reports that the Zoom iOS app shares some personal data with Facebook — whether users have an account or not.

Given the ubiquity of app developers relying on Facebook's software development kits (SDKs), it's not uncommon for apps to share some degree of data with the platform. It's basically a trade-off; developers rely on SDKs to make their apps more usable while Facebook extracts some information in the process. But in Zoom's case, iOS users have yet to be made aware of this transaction.

Consumers deserve to know — Over and over again, it is the lack of transparency around Zoom's data access, collection, and extraction methods that have raised concerns among users and privacy advocates. If Zoom does not plan to reduce or entirely eliminate this exchange with Facebook, it should make it abundantly clear to its iOS users that the app shares their information with the network. People can then make an informed decision based on their own individual threat models as to whether (or not) they want to continue using the app. Without basic knowledge of such a transfer, Zoom iOS users are essentially working in the dark.

From your name to your city — As Motherboard points out, Zoom informs Facebook when a user opens the app on their phone. It also lets Facebook know about the model of their phone, where they logged in from, and what phone carrier they rely on. Companies frequently extract these personal nuggets about people to target them with more personal ads.

What does Zoom actually say? — Zoom's official privacy policy states that "our third-party service providers, and advertising partners (e.g., Google Ads and Google Analytics) automatically collect some information about you when you use our Products, using methods such as cookies and tracking technologies." It does not, however, mention any trade-off with Facebook. "Some" of that data sent over to third-party affiliates includes "IP addresses, browser type, Internet service provider (ISP), referrer URL, exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data."

So far, Zoom's business model seems centered on testing the limits of what people find socially and legally acceptable. But it doesn't have to be this way. Convenience and productivity shouldn't come at the expense of user privacy. Right now Zoom seems to have carte blanche in how it extracts data but eventually, it will have to address these justified questions and concerns.