Zoom may be leaking your email address: What to do now
What you should know about Zoom's privacy leaks.
Zoom, the increasingly popular video-call service, seems to be leaking data like a colander draining pasta. A new report says the email addresses and photos of Zoom users are up for the taking, which would let random strangers start video calls with anyone they please.
This news comes from Vice, which points to problems with a default Zoom setting that in many cases places everyone who uses the same email domain into a "company directory" and makes them all visible to each other.
Many new Zoomers will likely not know about this setting, since Zoom was primarily an enterprise tool before COVID-19 changed life as we know it, but knowing about it is the difference between keeping your contact info and photos private and having them shared with strangers.
How to disable Zoom's Company Directory setting
To disable this feature, Zoom users with paid accounts should open https://zoom.us/account/im/setting and find the Company Directory setting. It's not available to free users.
Zoom tries to prevent problems with this feature by exempting the big webmail providers, as you can see in the fine print of Zoom's Managing Contacts help section:
"By default, your Zoom contacts directory contains internal users in the same organization, who are either on the same account or who's [sic] email address uses the same domain as yours (except for publicly used domains including gmail.com, yahoo.com, hotmail.com, etc) in the Company Directory section."
You can also use this Zoom page to submit your email domain for exemption.
Why Zoom is leaking data
This nifty user-sorting idea runs into trouble when it encounters webmail domains that are not widely known. Vice talked to Barend Gehrels, a Zoom user who saw this issue flare up with the Dutch ISP domains xs4all.nl, dds.nl, and quicknet.nl.
Even though free users don't have access to Zoom's Company Directory setting, it's seemingly still affecting them.
That's according to Twitter user @JJVLebon, who "registered with [a] private email" and then "got 1000 names, email addresses and even pictures of people in the company Directory." The user used the hashtag #GDPR to highlight the inherent privacy threat.
Hopefully, we will see Zoom change how this works, and soon. It's become the app that housebound people are using to communicate with others. Heck, I even used Zoom to take a yoga class online. And while you could write this off as a niche problem, it's something that you should have to opt into, not hurriedly opt out of.
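The grouping behaviour described above can be modelled in a few lines. This is an added illustration, not Zoom's code: it contrasts a directory that shares every domain not on an exemption list with one that shares only domains an organization has claimed. The sample addresses, the corp.example domain and all function names are assumptions made for the example.

```python
# Added illustration: a simplified model of the behaviour, not Zoom's code.
from collections import defaultdict

# Exemption list as quoted from the help text (its "etc" entries are unknown).
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com"}

# Constructed sample accounts (all addresses are made up).
USERS = [
    "anna@xs4all.nl", "bram@xs4all.nl",        # unrelated ISP customers
    "carol@gmail.com", "dave@gmail.com",       # exempted webmail
    "erin@corp.example", "finn@corp.example",  # one real organization
]

def domain(email):
    return email.rsplit("@", 1)[1].lower()

def _group(users, include):
    # Bucket users by domain, keeping only domains the policy shares.
    groups = defaultdict(set)
    for u in users:
        if include(domain(u)):
            groups[domain(u)].add(u)
    return groups

def visible_contacts(users, include):
    """Map each user to the other users auto-listed in their directory."""
    groups = _group(users, include)
    return {u: groups.get(domain(u), set()) - {u} for u in users}

def denylist_directory(users, public_domains=PUBLIC_DOMAINS):
    # Opt-out design: every domain is shared unless it was exempted.
    return visible_contacts(users, lambda d: d not in public_domains)

def opt_in_directory(users, verified_org_domains):
    # Opt-in design: only domains an organization has claimed are shared.
    return visible_contacts(users, lambda d: d in verified_org_domains)

def unreviewed_shared_domains(users, public_domains, verified_org_domains):
    """Audit list: domains that are auto-shared without being verified."""
    shared = _group(users, lambda d: d not in public_domains)
    return sorted(d for d in shared if d not in verified_org_domains)

if __name__ == "__main__":
    print(denylist_directory(USERS)["anna@xs4all.nl"])
    print(opt_in_directory(USERS, {"corp.example"})["anna@xs4all.nl"])
    print(unreviewed_shared_domains(USERS, PUBLIC_DOMAINS, {"corp.example"}))
```

Under the exemption-list model the two unrelated ISP customers land in each other's directory, while the opt-in model lists only colleagues on the claimed domain.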
Another Zoom no-no
Oh, and one more thing: don't share screenshots with your Zoom Meeting ID online. British Prime Minister Boris Johnson learned this lesson the hard way when he tweeted out the photo below but didn't crop out the 9-digit ID number used for Her Majesty's Cabinet meetings:
"This morning I chaired the first ever digital Cabinet. Our message to the public is: stay at home, protect the NHS, save lives. #StayHomeSaveLives pic.twitter.com/pgeRc3FHIp" (March 31, 2020)
Henry is a managing editor at Tom’s Guide covering streaming media, laptops and all things Apple, reviewing devices and services for the past seven years. Prior to joining Tom's Guide, he reviewed software and hardware for TechRadar Pro, and interviewed artists for Patek Philippe International Magazine. He's also covered the wild world of professional wrestling for Cageside Seats, interviewing athletes and other industry veterans.