Home Cybersecurity Are Zoom Chats Private? Here's Why You Should Think Before Opening The App
Are Zoom Chats Private? Here's Why You Should Think Before Opening The App

Are Zoom Chats Private? Here's Why You Should Think Before Opening The App


As a huge number of people work from home during the COVID-19 crisis, Zoom videoconferencing is thriving. According to figures published at the end of February, Zoom added over 2 million users so far in 2020–more than across all of 2019.

Start a Homeland Security degree at American Military University.

But Zoom users now have more reasons to be concerned about the app’s privacy and security. Under certain circumstances, it turns out, multiple people in your meeting might be about to read your private messages.

A Twitter user wrote: “If you’re having a committee meeting via Zoom and you use the chat function to privately write to someone, your colleagues may not see it in real time, but it shows up when the chat is downloaded and put in the minutes folder.”

I asked Zoom if the Twitter claim was true and a spokesperson explained: “If a host chooses to record a Zoom meeting to the cloud, only chats sent publicly (to everyone in the meeting) are saved.”

However: “If a host chooses to record a Zoom meeting locally, then chats sent publicly, as well as any private chat exchanges that the host who chose to record the meeting participated in during session, are saved.”

If you are a Zoom host, it’s worth checking before allowing others to access the minutes folder.

Zoom’s had a bad week for privacy and security 

It comes after a bad week for Zoom’s privacy and security. Last week, I reported about the practice of “Zoom bombing”, seeing uninvited guests turning up to your meeting or chat. I also examined Zoom’s privacy policy, and it made concerning reading.

Zoom has since pointed me towards changes made to its privacy policy to make it more clear and transparent.

But Zoom’s privacy and security are of so much concern that the U.S. attorney general is looking into its practices. Meanwhile, Zoom is facing a class action lawsuit after it emerged the firm was sharing data with Facebook, Vice News reported.

Zoom’s “misleading” end-to-end encryption claims

Another Zoom problem centres around Zoom’s claims that the video conferencing app is end-to-end encrypted–in other words, no one, even Zoom itself, can read your chats. But according to a report on online news site The Intercept–which calls the claims “misleading,”–Zoom “is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.”

This is despite the fact that Zoom claims on its website that meetings connected by computer audio are end-to-end encrypted. Instead, the firm offers transport encryption, or TLS, which is the same tech web servers use to secure HTTPS websites. It means the connection between your app and Zoom’s server is encrypted, but Zoom could, if it wanted, access the data.

Zoom emphasized that it does not directly access, mine or sell user data. And it’s quite possible that the firm’s policy has simply confused the two types of encryption. However, as it is, the claim is misleading.

I have asked Zoom for further comment on this story and will update it when the firm responds.

No end to Zoom’s problems

It seems there are no end to Zoom’s problems, and it’s certainly hard to trust the fast-growing video conferencing app. But these issues do also emphasize the importance of doing your research when using a new app or service. It’s free for a reason.

“As video calls increase, we really need to take moment away from this new normal and look into the privacy issues that go in unison with free apps,” says Jake Moore, cybersecurity specialist at ESET. “We must remember that the app is free and there is a lot of information being shared without our direct knowledge–which is effectively the price for using the platform.”

I get it: Zoom is so functional and hard to match, at least from a business perspective and for large group chats. Houseparty is also growing in popularity, and stories citing a hack have been discredited, so you might want to try that for social chats. Just make sure you lock it down first with settings such as “private mode.”

Moore advises people to use privacy focused platforms such as Signal for encrypted messaging and calling.

I agree that Signal is probably the best choice, and FaceTime is good if you are able to use an Apple device. But I also recommend trying a new open source app called Jitsi, which is easy to use and pretty secure, at least as far as video calling goes.


This article was written by Kate O’Flaherty from Forbes and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.



Online Degrees & Certificates In Cybersecurity

American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.

Request Information

Please complete this form and we’ll contact you with more information about AMU. All fields except phone are required.

Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Ready to apply? Start your application today.

We value your privacy.

By submitting this form, you agree to receive emails, texts, and phone calls and messages from American Public University System, Inc. which includes American Military University (AMU) and American Public University (APU), its affiliates, and representatives. I understand that this consent is not a condition of enrollment or purchase.

You may withdraw your consent at any time. Please refer to our privacy policy, terms, or contact us for more details.