Personal Data Can Easily Be Extracted From Zoom and Other Video Conference Screenshots.
Video conference users should not post screen images of Zoom and other video conference sessions on social media, according to israeli researchers. They easily identified people from public screenshots of video meetings on Zoom, Microsoft Teams and Google Meet.
With the worldwide pandemic, millions of people of all ages have replaced face-to-face contact with video conferencing platforms. It is used to collaborate, educate and celebrate with co-workers, family and friends.
In April 2020, nearly 500 million people were using these online systems.
While there have been many privacy issues associated with video conferencing, the israeli researchers looked at what types of information they could extract from video collage images that were posted online or via social media.
“The findings in a paper indicate that it is relatively easy to collect thousands of publicly available images of video conference meetings. Then extract personal information about the participants, including their face images, age, gender, and full names,” says Dr. Michael Fire.
“This type of extracted data can vastly and easily jeopardize people’s security and privacy, affecting adults as well as young children and the elderly.”
Personal etracted from Zoom.
The researchers report that is it possible to extract private information from collage images of meeting participants posted on Instagram and Twitter.
They used image processing text recognition tools as well as social network analysis to explore the dataset of more than 15,700 collage images and more than 142,000 face images of meeting participants.
Artificial intelligence-based image-processing algorithms helped identify the same individual’s participation at different meetings. By simply using either face recognition or other extracted user features like the image background it was done.
The researchers were able to spot faces 80% of the time as well as detect gender and estimate age.
Free web-based text recognition libraries allowed the BGU researchers to correctly determine nearly two-thirds of usernames from screenshots.
The researchers identified 1,153 people who likely appeared in more than one meeting.
“This proves that the privacy and security of individuals and companies are at risk from data exposed on video conference meetings.”
Cross-referencing facial image data with social network data may cause greater privacy risk as it is possible to identify a user that appears in several video conference meetings and maliciously aggregate different information sources about the targeted individual.
The research team offers a number of recommendations to prevent privacy and security intrusions.
Not posting video conference images online, or sharing videos.
Using generic pseudonyms like “iZoom” or “iPhone” rather than a unique username or real name.
Using a virtual background vs. a real background since it can help fingerprint a user account across several meetings.
Additionally, the team advises video conferencing operators to augment their platforms with a privacy mode such as filters or Gaussian noise to an image, which can disrupt facial recognition while keeping the face still recognizable.
“Organizations are relying on video conferencing to enable their employees to work from home and conduct meetings.They need to better educate and monitor a new set of security and privacy threats,” Fire says.
“Parents and children of the elderly also need to be vigilant, as video conferencing is no different than other online activity.”