As COVID-19 forces schools, offices, and social groups to move their daily operations online, video calling service Zoom has become the new centerpiece of many people’s daily life. But the increased use has brought heightened scrutiny to the company’s data practices. Every day, it seems, new vulnerabilities in the platform are coming to light.
Today is no exception. The New York Times discovered that Zoom has been supporting a data-mining feature that automatically matched users’ names and email addresses to their LinkedIn profiles when they signed in — even if they were anonymous or using a pseudonym on their call. If another user in their meeting was subscribed to a service called LinkedIn Sales Navigator, they were able to access the LinkedIn profiles of other participants in their Zoom meetings by clicking an icon next to their names — without those users’ knowledge or consent.
Reached for comment by the Times, Zoom stated that it takes its users’ privacy “extremely seriously” and that it will disable the feature.
LinkedIn also told the Times that it will suspend its Zoom integration “while we investigate this further.”
Zoom has made several changes to its practices in response to recent privacy backlash. After a software engineer discovered that the service was dodging macOS restrictions to install itself without users providing final consent, Zoom issued an update to remove the trickery. CEO Eric S. Yuan announced a 90-day feature freeze to fix privacy and security issues.