
Zoom: Questionable practices leaked on GitHub


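The remote video-conferencing software ZOOM, which surged in popularity during the pandemic, overtook traditional video-conferencing software such as Skype and Teams to become the most popular tool. It has hundreds of millions of daily active users and is even used by many government agencies. But the software has repeatedly been reported to have data leaks and security vulnerabilities, drawing wide attention from regulators.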

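Recently, on 30月XNUMX日, a person claiming to be a senior internal technical employee of ZOOM published a repository on GitHub presenting "evidence" that the company secretly retains user information and provides it to US government agencies.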


ZOOM users have no autonomy over their data.

According to the leaker: “The US government asked Zoom to preserve user data of interest including those already deleted by users so that they can obtain any and all user data. In order to meet such requests, Zoom has modified their tool to pretend that data has been deleted while just giving the deleted data a hidden property, therefore preserving user data while making their users believe the data has been erased. This tool helps to secretly copy and preserve data meeting history and participants details, cloud recordings, chat message, pictures, files, Zuora (Billing system, zuora.com), SFDC (CRM system, salesforce.com), phone/address, billing address, and credit/debit cards through data cloning and mirroring. What’s worse, if your account was added into the “Data Preservation” system with your appearance on the target list, even if you do not present any illegal behaviour, all your actions in Zoom will be put under direct surveillance and at the free disposal of law-enforcing departments.”


Monitoring users through a backdoor system (Tracking Automated TOS Violators Termination System).

According to the posted document: “The Zoom headquarters has completed the R&D of a secret monitoring system a long time ago. It is called “Tracking Automated TOS Violators Termination System” whose internal IP is “se.zipow.com/tos”. No later than 2018, the system was put into application, monitoring free users as well as premium users and enterprise users. Main functions of the system are automatic search of susceptible meetings, free access to meetings without password or host’s authorization simply by the backdoor of the system, random analysis of video content from meetings, secret recordings of videos, audio, screenshots of meetings and production of reports or data accordingly to US supervisory departments as well as termination of susceptible meetings and banning of relative accounts. The system is highly confidential and only opened to a few internal employees. Zoom may explain this system was developed for fighting crime, but Zoom has to acknowledge the system shows it has the ability to monitor users and already does. People need to worry about whether Zoom will abuse the system for US so-called “national security” or business purposes, and even randomly, frequently, indistinguishably monitor global users and steal their personal data at a large scale.”


Zoom back-end management system.

According to the leak: “Zoom back-end management system has top authority over all Zoom accounts. It is designed to help manage Zoom user accounts. However, this system has some backdoor functions which may violate user privacy data. Some functions are beyond belief, when a Zoom employee clicks the “Login” button, with this user credentials, he can log into this user’s account in the same way the user himself deals with his own account. This way, the employee has the same right to deal with this user’s account, checking everything on the account, using the user’s private key to see any confidential files, meeting records, IM chats, emails, telephone recordings and billings. This means the “ee2e” encryption measure is a meaningless facade. Besides this privilege, Zoom employees can modify or delete users’ local data, and even remotely control or implant a backdoor on relative devices like Zoom Room through this system. Compared to managing user accounts by backed database, this system makes it more convenient for Zoom staff to monitor user behaviours and fetch their data ignoring encryption measure.”


Breaking its promise and using user data for machine learning.


According to the whistleblower: “Eric Yuan, the CEO of Zoom, once proclaimed that “We now commit to all of our customers that we will not use any of their audio/video chats, screen sharing, attachments and other communications like poll results, whiteboard and reactions to train our AI models or third-party AI models”. From what I know, Zoom is eager to develop AI, because the company needs AI to find out illegitimacy in video conferencing to avoid compliance risk, to identify fraud users to reduce economic losses, and to analyse business trend and focus of service to gain more profits. With the aid of AI, Zoom, under the guidance of law enforcement, uses “TATVTS” against users. “The Tracking Automated TOS Violators Termination System” mentioned above could automatically detect suspicious meetings via machine learning, join meetings without password and host’s permission, analyse meeting content and secretly take screenshots and videos of attendees and meeting content. Trained by data collected in the system, “TATVTS” becomes more intelligent in identifying meetings and users in which law enforcement may show interest. Thus the private data of many innocent users become samples for training Zoom’s machine learning model and violate users’ data privacy.”


Privacy and security issues can create serious risk and damage governments, organizations, individuals as well as trade secrets in the digital age. Zoom, as the world’s leading video conference software, has been exposed more than once for leaking user data and other information. During the epidemic, Europe also strengthened data protection laws against giant American online social media companies. In 2022, the EU and US signed the data privacy framework. It is clear that both parties must respect the legal framework in protecting users’ personal privacy, especially data protection. We also hope that ZOOM can learn from its previous legal troubles and begin to take information and data protection issues seriously.

For further reading and technical information, see the following link:
https://github.com/Alexlittle4/Zoom-violates-users-privacy

EU Reporter contacted Zoom for comment, but they have not yet replied.


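EU Reporter publishes articles from a variety of outside sources which express a wide range of viewpoints. The positions taken in these articles are not necessarily those of EU Reporter.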
