University researchers used artificial intelligence (AI) in an experiment to determine the extent of privacy risks associated with using the popular web conferencing tool Zoom. Publicly available data scraped from a number of social networks was cross-referenced as part of this research.
Online technology publication VentureBeat recently published an article that highlights research conducted by Ben-Gurion University on Zoom privacy. The research includes the use of public screenshots of video meetings analyzed along with publicly accessible content curated from Instagram and Twitter using simple searches on keywords and hashtags.
The process made use of over 15,700 publicly available meeting screenshots processed through Microsoft Azure Face API, allowing researchers to differentiate 1,153 unique faces from the 140,000 rendered. Researchers were then able to determine the gender and age of each face and further cross-reference that data with text recognition to extract 85,000 usernames. They were further able to cross-reference their findings against public social network accounts to determine identities and other personal information.
Source: SoftwareReviews Product Scorecard. Accessed July 22, 2020.
The research goes on to recommend privacy risk mitigation techniques, such using pseudo-names, hiding backgrounds, and implementing video filters that can foil facial recognition software. The full research paper can be viewed here:Zooming Into Video Conferencing Privacy and Security Threats.
What the Ben-Gurion University research really underscores is a privacy concern that exists across all publicly accessible platforms and the ease of uncovering information about an individual with a bit of effort and the use of mainstream technology. If nothing else is taken from this learning, everyone needs to begin verifying the privacy settings of their accounts on all social media networks!
To be fair to Zoom, the privacy risk highlighted in the VentureBeat article and the research paper are not due to shortcomings in the Zoom product itself but rather to human behaviors in the use of the product, such as posting screenshots or cell phone camera pictures of Zoom meeting sessions. The Ben-Gurion research acknowledges that this is a limitation of the research but does not explicitly note that the breach of privacy is a human factor.
The privacy concern is internet-wide. The Ben-Gurion research uses information from social network accounts whose content is publicly accessible to extract the additional information to correlate against its face and text detection findings. Social network providers do not do enough to alert users to the public nature of their posts; in many cases, the default setting is “public” and it is up to the user to remember to set their settings to “private” or “friends only.” Today’s social networks provide options to opt out of marketing settings that govern the sharing of information and privacy settings that switch the default privacy of new posts. Unfortunately, users remain unaware of this and assume that the default settings are secure, which allows the social network and external parties to prey on their ignorance.
The use of social networks to gain access to people’s identities is becoming more prevalent in today’s connected world. One recent example of this is the legally ambiguous use of social networks by a federal agency to identify individuals for arrest.
Users must consider two key actions to take in order to safeguard their personal profiles:
Info-Tech Research Group is staying on top of these developments. Watch this space for more updates!