|
by Ashley Boyd
April 28,
2020
from
FoundationMozilla Website
Italian
version
Amid the
pandemic,
Mozilla is
educating consumers
about popular
video apps'
privacy and
security features and flaws...
Right now, a record
number of people are using video call apps to conduct business,
teach classes, meet with doctors, and stay in touch with friends.
It's more important than ever for this technology to be trustworthy
- but some apps don't always respect users' privacy and security.
So today, Mozilla
is
publishing a guide to popular video call apps' privacy and
security features and flaws. Consumers can use this information to
choose apps they're comfortable with - and to avoid ones they find
creepy.
This work is an
addition to Mozilla's annual *Privacy Not Included guide, which
rates popular connected products' privacy and security features
during the holiday shopping season.
We created this new
edition based on reader demand: Last month, we asked our community
what information they need most right now, and an overwhelming
number asked for privacy and security insights into video call apps.
In this latest
installment, Mozilla researchers dug into 15 apps, from Zoom and
Skype to HouseParty and Discord.
Our researchers
answered important questions like:
Does the app
share user data - and if so, with whom?
Are users
alerted when meetings are recorded?
Is the app
compliant with U.S. medical privacy laws?
And many more...
Researchers also
determined whether or not apps meet Mozilla's
Minimum Security Standards.
These five guidelines include:
-
Using
encryption
-
providing security updates
-
requiring strong passwords
-
managing vulnerabilities
-
featuring a privacy policy
In total, 12 apps
met Mozilla's Minimum Security Standards:
-
Zoom
-
Google Duo/HangoutsMeet
-
Apple
FaceTime
-
Skype
-
Facebook
Messenger
-
WhatsApp
-
Jitsi Meet
-
Signal
-
Microsoft
Teams
-
BlueJeans
-
GoTo
Meeting
-
Cisco WebEx
Three products
did not meet Mozilla's Minimum Security Standards:
-
Houseparty
-
Discord
-
Doxy.me
The Minimum
Security Standards are just one layer of our guide, however.
What
else did our research uncover?
-
Competition
is fierce in the video call app space - which is good news
for consumers
-
Zoom
has been criticized for privacy and security flaws.
Because there are many other video call app options out
there, Zoom acted quickly to address concerns.
This
isn't something we necessarily see with companies like
Facebook, which don't have a true competitor
-
When
one company adds a feature that users really like, other
companies are quick to follow.
For example,
Zoom and
Google Hangouts popularized one-click links to get
into meetings, and Skype recently added the feature.
And
just last week Facebook added Messenger Rooms, which
allows up to 50 people to chat at once in
Messenger for as long as they want
-
All apps
use some form of
encryption, but not all encryption is equal.
-
All the
video call apps in our guide offer some form of
encryption.
But not all apps use the holy grail:
End-to-end encryption means only
those who are part of the call can access the call's
content. No one can listen in, not even the company.
Other
apps use client-to-server encryption, similar to what
your browser does for HTTPS web sites. As your data
moves from one point to another, it's unreadable.
Though
unlike end-to-end encryption, once your data lands on a
company's servers, it then becomes readable
-
Video call
apps targeting businesses have a different set of features
than video call apps targeting everyday use
-
This
may seem obvious. But it's important.
Video call apps
like,
...have a very different set of video chat
features and ease of use than business-oriented apps
such as,
Consumers who want something simple may want to skip the
B2B apps.
Business users who want a fuller set of
features and have money to pay may look to
business-focused apps
-
There is a
diverse range of risks.
It collects name, email, location, geolocations on photos you upload, information about
your contacts, information about you other people might
share, and even any information it can gather about you
when you use the camera feature.
Facebook says it can
use all this personal information to target you with
ads.
It also shares information with a large number of
third-party partners including advertisers, vendors,
academic researchers, and analytic services
-
WhatsApp
is solid for video chat, and gets bonus points for using
end-to-end encryption on users' messages and calls.
However, it is sullied by an
overwhelming amount of
misinformation on the platform. Especially during this
global pandemic,
conspiracies and fake news are being spread across
WhatsApp
-
Houseparty
is admittedly more fun than some others on our list, but
it comes with its own problems. Houseparty appears to be
a personal data vacuum (though kudos to their
privacy policy
for being easy to read to tell you that)
-
Discord
collects more information than we're comfortable with.
For example, it collects information on your contacts if
you link your social media accounts.
And then there's
the toxicity: dig deep enough and you'll find some
pretty troubling corners of Discord that are
known for misogyny, racial
harassment, and human
trafficking
|
