Zoom has disabled a feature in its web conferencing software that allowed the company to secretly gather data and match the information with LinkedIn sources, giving some users the ability to identify participants in the conference without their knowledge.
Following a New York Times investigation, Zoom decided to eliminate its LinkedIn data mining entirely, citing privacy concerns. It turns out that Zoom would send back data about participants and then used LinkedIn to match the people.
Someone in the active conference with a LinkedIn Sales Navigator account would be able to access LinkedIn-provided details without notifying the participants. The investigation also revealed that even users logged in as Anonymous were not safe — the data-mining feature would work just as well.
To make matters worse, the Zoom client would automatically send personal information to the servers even if no one in the meeting had the option activated. The company was most likely trying to stay ahead and keep the information ready, just in case.
Data mining is nothing new, and social networks have been using this strategy all the time, building shadow profiles for people before they had an account. Zoom CEO, Eric S. Yuan said the company “permanently removed the LinkedIn Sales Navigator app after identifying unnecessary data disclosure by the feature.”
Zoom has been in the crossfire in the past few weeks as more people have logged into its services following the shift to working from home. Security problems started to crop up, such as the ones with Zoombombing, Facebook SDK and the recent macOS Zoom installer.
Following all of these problems, the company is now shifting its focus from bringing new features to fixing existing problems.
“Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process,” also said Zoom’s CEO.