The Zoom app on a smartphone.

Update: Zoom says it will take strong steps to address privacy and security issues, such as those described in this article. Among other changes detailed in a long blog post, the company says it is freezing the development of new features to focus on fixing existing problems, removing the controversial attention tracker feature, and soliciting in-depth reviews by outside experts and users. Justin Brookman, director of privacy and technology policy for Consumer Reports, says, "This is impressive. It's refreshing to see a Silicon Valley company admit mistakes and make meaningful changes so quickly." This article was originally published on April 1, 2020.


Zoom, the widely used teleconferencing service, has been receiving a lot of scrutiny for the way it handles the digital privacy and security of its users. A flurry of new revelations in recent days could make some consumers second-guess whether they want to use the platform at all.

Last week, Consumer Reports found that Zoom’s privacy policy seemed to leave the company free to use video and other user content for targeted advertising and other business purposes. Over the weekend, the company revised its privacy policy to say that’s off-limits. It also removed commonly used Facebook tracking software from its mobile app, in response to an article published on the tech news site Motherboard.

The company reacted quickly to those issues, but bad privacy news has continued to mount, with Zoom users filing a class-action lawsuit in California concerned about the Facebook sharing, the New York state attorney general looking into alleged security lapses, and several researchers reporting software vulnerabilities that could put consumer information at risk.

“People should be cognizant of the privacy and security threats when using these teleconferencing services,” says Justin Brookman, director of privacy and technology policy at Consumer Reports. “This is uncharted territory for a lot of us who are suddenly very dependent on these platforms, and we’re not conditioned to think about the risks and potential misuses.”

More on Coronavirus

Several security vulnerabilities have been reported. One problem could compromise Windows passwords, while a problem with Zoom’s “Company Directory” setting could cause the platform to share personal email addresses inadvertently with other users—potentially hundreds or thousands of them. Another researcher pointed out a bug that could allow an attacker to take over the camera and mic on a Mac. A similar flaw was fixed last year.

In addition, The Intercept has pointed out that the Zoom website says the service supports end-to-end encryption, a high level of protection for personal communications, but that the service actually encrypts data only in transit, a less robust form of protection.

While none of these security glitches individually posts a huge threat to users, experts say that together they form a disturbing pattern.

“These are issues that should have been caught by Zoom, and it raises the question of what else has been missed by the company, and whether they’re truly taking the security and privacy needs of their customers seriously,” says Bill Fitzgerald, a privacy researcher in Consumer Reports’ Digital Lab.  

The company says that some of the problems are growing pains associated with the global crisis. “Zoom was originally developed for enterprise use,” a spokesman says. During the pandemic, “as more and new kinds of users start using Zoom during this time, Zoom has been proactively engaging to make sure they understand Zoom’s relevant policies, as well as the best ways to use the platform and protect their meetings. We are proud of the role we are playing during this challenging time.” 

How to Use Zoom More Safely

If you want or need to continue using Zoom, you can take a few steps to enhance your privacy.

The most basic precaution is to assume that anything you say or do in a Zoom meeting could be recorded by the meeting host and possibly other participants. Those recordings can then be shared with third parties who weren’t in the original meeting.

If you’re the host, you should turn on the option that notifies participants that you intend to record the meeting and ask for their consent.

To prevent “Zoombombing,” the unauthorized takeover of a Zoom meeting by pranksters, turn on password protection in every meeting and set screen sharing to Host Only. Don’t share meeting links, and ask participants not to share them, either.

If you’re in a meeting at home, pay attention to your surroundings. Users who don’t want clients and coworkers to see the books on a shelf or the dirty dishes in the sink can use a photo from their hard drive as a background; the feature works well.

And if you don’t want to receive targeted ads from Zoom after going to zoom.us, you can click the Cookie Preferences link at the bottom of any page on the site and adjust the slider to Required Cookies.