Updated As the global coronavirus pandemic pushes the popularity of videoconferencing app Zoom to new heights, one web veteran has sounded the alarm over its "creepily chummy" relationship with tracking-based advertisers.

Doc Searls, co-author of the influential internet marketing book The Cluetrain Manifesto last century, today warned [cached] Zoom not only has the right to extract data from its users and their meetings, it can work with Google and other ad networks to turn this personal information into targeted ads that follow them across the web.

This personal info includes, and is not limited to, names, addresses and any other identifying data, job titles and employers, Facebook profiles, and device specifications. Crucially, it also includes "the content contained in cloud recordings, and instant messages, files, whiteboards ... shared while using the service."

Searls said reports outlining how Zoom was collecting and sharing user data with advertisers, marketers, and other companies, prompted him to pore over the software maker's privacy policy to see how it processes calls, messages, and transcripts.

And he concluded: "Zoom is in the advertising business, and in the worst end of it: the one that lives off harvested personal data.

"What makes this extra creepy is that Zoom is in a position to gather plenty of personal data, some of it very intimate (for example with a shrink talking to a patient) without anyone in the conversation knowing about it. (Unless, of course, they see an ad somewhere that looks like it was informed by a private conversation on Zoom.)"

Speaking of Zoom... Zoom's iOS app sent analytics data to Facebook even if you didn't use Facebook, due to the application's use of the social network's Graph API, Vice discovered. The privacy policy stated the software collects profile information when a Facebook account is used to sign into Zoom, though it didn't say anything about what happens if you don't use Facebook. Zoom has since corrected its code to not send analytics in these circumstances. It should go without saying but don't share your Zoom meeting ID and password in public, such as on social media, as miscreants will spot it, hijack it, and bomb it with garbage. Don't forget to set a strong password, too. Zoom, which has shared advice on meeting security, had to beef up its service's defenses after Check Point found a bunch of weaknesses, such as the fact it was easy to guess or brute-force meeting IDs.

The privacy policy, as of March 18, lumps together a lot of different types of personal information, from contact details to meeting contents, and says this info may be used, one way or another, to personalize web ads to suit your interests.

"Zoom does use certain standard advertising tools which require personal data," the fine-print states. "We use these tools to help us improve your advertising experience (such as serving advertisements on our behalf across the internet, serving personalized ads on our website, and providing analytics services) ... For example, Google may use this data to improve its advertising services for all companies who use their services."

Searls, a former Harvard Berkman Fellow, said netizens are likely unaware their information could be harvested from their Zoom accounts and video conferences for advertising and tracking across the internet: "A person whose personal data is being shed on Zoom doesn’t know that’s happening because Zoom doesn’t tell them. There’s no red light, like the one you see when a session is being recorded.

"Nobody goes to Zoom for an 'advertising experience,' personalized or not. And nobody wants ads aimed at their eyeballs elsewhere on the 'net by third parties using personal information leaked out through Zoom."

The Register asked Zoom, which offers free and paid-for conferencing plans, for comment on the critique, and has yet to hear back from the developer.

"Zoom doesn’t need to be in the advertising business, least of all in the part of it that lives like a vampire off the blood of human data," Searls continued.

"If Zoom needs more money, it should charge more for its services, or give less away for free ... What Zoom’s current privacy policy says is worse than 'You don’t have any privacy here.' It says, 'We expose your virtual necks to data vampires who can do what they will with it.' Please fix it, Zoom. As for Zoom’s competitors, there’s a great weakness to exploit here."

The Zoom privacy policy, for what it's worth, states: "We do not allow marketing companies, advertisers, or anyone else to access personal data in exchange for payment ... in our humble opinion, we don’t think most of our users would see us as selling their information, as that practice is commonly understood."

Meanwhile, shares in Zoom are up seven per cent today and 26 per cent over the past month. ®

Updated to add on March 31

Zoom quietly rewrote its privacy policy after this story was published to now clarify, among other things, that it does not use the contents of meetings and messages to target people with adverts.

"Zoom does not monitor or use customer content for any reason other than as part of providing our services," the fine print today reads. "Zoom does not sell customer content to anyone or use it for any advertising purposes."