BTW: Discord is also spyware FYI.
Be careful. Although there are other ZOOM related malwares attacking people via ZOOM, ZOOM itself is a malware. It is now the number 1 app in the Google playstore here.
Non-admin can get a msg pretending to be a system prompt and get root privileges. App can be installed without user consent.
Even your face and msgs will be use for targeted ad campaigns and used to develop facial recognition. Everything will be recorded. Your cloud recordings, msges, files, whiteboard, videos, transcripts, names, attention tracking etc.
https://securityboulevard.com/2020/...e-the-privacy-issues-you-need-to-be-aware-of/
Some abstracts:
However, new users should be aware of the company’s privacy practices. By looking through its privacy policy and some of its support documents, you quickly discover that Zoom allows your boss to track your attention during calls, shares the copious amounts of data it collects with third parties, and has already had a major security vulnerability.
Zoom knows if you are paying attention to the call
Whenever you host a call, you have the option to activate Zoom’s attendee attention tracking feature. This feature alerts the call’s host anytime someone on the call “does not have Zoom Desktop Client or Mobile App in focus for more than 30 seconds.” In other words, if you are on a Zoom call and you click away from Zoom, the host of the call will be notified after 30 seconds, regardless of whether you minimized Zoom to take notes, check your email, or respond to a question on another app.
Zoom’s data collection and data sharing
Zoom not only tracks your attention, it tracks you.
According to the company’s privacy policy, Zoom collects reams of data on you, including your name, physical address, email address, phone number, job title, employer. Even if you don’t make an account with Zoom, it will collect and keep data on what type of device you are using, and your IP address. It also collects information from your Facebook profile (if you use Facebook to sign in) and any “information you upload, provide, or create while using the service.”
Some of this data you enter yourself when you are signing in (for example, to join a call online, you must give your email) but much of it is collected automatically by the Zoom app.
In its privacy policy, under the entry “Does Zoom sell Personal Data?” the policy says, “Depends what you mean by ‘sell.’” To summarize Zoom’s policy, they say they don’t sell personal data for money to third parties, but it does share personal data with third parties for those companies’ “business purposes.” And that may include passing your personal information to Google.
The camera hacking bug
Last year, security consultant Johnathan Leitschuch discovered that Zoom set up a local web server on a user’s Mac device that allowed Zoom to bypass security features in Safari 12. This web server was not mentioned in any of Zoom’s official documentation. It was used to bypass a pop-up window that Safari 12 would show before it turned on your device’s camera.
However, this remote web server was also not adequately secured. Pretty much any website could interact with it. The result was that Zoom allowed malicious websites to take over your Mac’s camera without ever alerting you.
Be careful. Although there are other ZOOM related malwares attacking people via ZOOM, ZOOM itself is a malware. It is now the number 1 app in the Google playstore here.
Non-admin can get a msg pretending to be a system prompt and get root privileges. App can be installed without user consent.
Even your face and msgs will be use for targeted ad campaigns and used to develop facial recognition. Everything will be recorded. Your cloud recordings, msges, files, whiteboard, videos, transcripts, names, attention tracking etc.
https://securityboulevard.com/2020/...e-the-privacy-issues-you-need-to-be-aware-of/
Some abstracts:
However, new users should be aware of the company’s privacy practices. By looking through its privacy policy and some of its support documents, you quickly discover that Zoom allows your boss to track your attention during calls, shares the copious amounts of data it collects with third parties, and has already had a major security vulnerability.
Zoom knows if you are paying attention to the call
Whenever you host a call, you have the option to activate Zoom’s attendee attention tracking feature. This feature alerts the call’s host anytime someone on the call “does not have Zoom Desktop Client or Mobile App in focus for more than 30 seconds.” In other words, if you are on a Zoom call and you click away from Zoom, the host of the call will be notified after 30 seconds, regardless of whether you minimized Zoom to take notes, check your email, or respond to a question on another app.
Zoom’s data collection and data sharing
Zoom not only tracks your attention, it tracks you.
According to the company’s privacy policy, Zoom collects reams of data on you, including your name, physical address, email address, phone number, job title, employer. Even if you don’t make an account with Zoom, it will collect and keep data on what type of device you are using, and your IP address. It also collects information from your Facebook profile (if you use Facebook to sign in) and any “information you upload, provide, or create while using the service.”
Some of this data you enter yourself when you are signing in (for example, to join a call online, you must give your email) but much of it is collected automatically by the Zoom app.
In its privacy policy, under the entry “Does Zoom sell Personal Data?” the policy says, “Depends what you mean by ‘sell.’” To summarize Zoom’s policy, they say they don’t sell personal data for money to third parties, but it does share personal data with third parties for those companies’ “business purposes.” And that may include passing your personal information to Google.
The camera hacking bug
Last year, security consultant Johnathan Leitschuch discovered that Zoom set up a local web server on a user’s Mac device that allowed Zoom to bypass security features in Safari 12. This web server was not mentioned in any of Zoom’s official documentation. It was used to bypass a pop-up window that Safari 12 would show before it turned on your device’s camera.
However, this remote web server was also not adequately secured. Pretty much any website could interact with it. The result was that Zoom allowed malicious websites to take over your Mac’s camera without ever alerting you.
