PDT: In an emailed statement, a Zoom spokesperson made clear that users should exercise "extreme caution" when uploading recorded Zoom meetings to the internet.
In the meantime, if you're concerned about your privacy, trying using a Zoom alternative - or at the very least don't let anyone record a sensitive meeting. Hopefully, the company is busy notifying customers that their files are easily searchable on the open web. We reached out to Zoom for comment but received no immediate response. Like the Washington Post, we are choosing not to link to the Zoom page detailing the file format, and choosing not to specify what it is in an attempt to preserve some - albeit small - element of people's privacy. SEE ALSO: Forget Zoom: Use these private video-chatting tools, instead That this could turn out to be problematic clearly didn't occur to anyone at the company. Notably, Zoom lets its users know that recordings of their calls will all have the same default file name. As is the case with frequently unsecured Amazon S3 buckets, if the design of a system leads thousands of people to make the same mistake then perhaps there's a failure of design - or at least of communication. However, just because it's the users who screwed up doesn't let Zoom off the hook. Someone who accesses the server can then download those recordings (which all have the same file name) as they please. Then there are the businesses that automatically upload recorded Zoom meetings to a private server, but may have misconfigured the server in such a way that it's not actually private. For example, someone may accidentally upload their own private Zoom conversation to the internet, be that a therapy session or a call with a friend. Rather, recordings saved to someone's computer, and then later uploaded, are what's at issue today. Those video recordings aren't the ones exposed on the open web.
Zoom allows paid users the ability to save recordings to the cloud (Opens in a new tab) (i.e. Now, it's important to note that these meetings were uploaded - perhaps mistakenly, in some cases - by someone who initially had access to them. The two discussed the patient's thoughts about self harm, among other incredibly sensitive topics. One such video, clearly not intended to be uploaded, included what appeared to be a therapist speaking to his patient. But you don't even need to look that hard, as a quick search for the Zoom file name on YouTube, Google, and Vimeo by Mashable revealed scores and scores of recorded calls.
0 kommentar(er)
