all-in-one privacy solution":["Proton Unlimited jest kompleksowym rozwiązaniem zapewniającym prywatność"],"Black Friday":["Czarny Piątek"],"No ads. Privacy by default.":["Brak reklam. Prywatność w standardzie."],"People before profits":["Ludzie przed zyskiem"],"Security through transparency":["Bezpieczeństwo dzięki przejrzystości"],"The best Proton Mail ${ BLACK_FRIDAY } deals":["Najlepsze oferty Proton Mail ${ BLACK_FRIDAY }"],"The world’s only community- supported email service":["Jedyna na świecie usługa e-mail wspierana przez społeczność"]},"specialoffer:limited":{"${ hours } hour":["${ hours } godzina","${ hours } godziny","${ hours } godzin","${ hours } godziny"],"${ hoursLeft }, ${ minutesLeft } and ${ secondsLeft } left":["Pozostało: ${ hoursLeft }, ${ minutesLeft } i ${ secondsLeft }"],"${ minutes } minute":["${ minutes } minuta","${ minutes } minuty","${ minutes } minut","${ minutes } minuty"],"${ seconds } second":["${ seconds } sekunda","${ seconds } sekundy","${ seconds } sekund","${ seconds } sekundy"],"Limited time offer":["Oferta ograniczona czasowo"]},"specialoffer:listitem":{"Create multiple addresses":["Utwórz wiele adresów"],"Hide-my-email aliases":["Aliasy hide-my-email"],"Quickly unsubscribe from newsletters":["Szybko anuluj subskrypcję biuletynów"],"Use your own domain name":["Korzystaj z własnej nazwy domeny"]},"specialoffer:logos":{"As featured in":["Opinie naszych klientów"]},"specialoffer:metadescription":{"Get an encrypted email that protects your privacy":["Uzyskaj zaszyfrowaną usługę e-mail, która chroni Twoją prywatność"]},"specialoffer:metatitle":{"Proton Mail Black Friday Sale - Up to 40% off":["Wyprzedaż Proton Mail z okazji Czarnego Piątku – uzyskaj do 40% zniżki"]},"specialoffer:newmetadescription":{"Get up to 40% off Proton Mail subscriptions this Black Friday. Find great deals on our secure end-to-end encrypted email plans.":["Uzyskaj do 40% zniżki na subskrypcje Proton Mail w ten Czarny Piątek. Znajdź wspaniałe oferty naszych bezpiecznych planów usługi poczty elektronicznej w szyfrowaniu end-to-end."]},"specialoffer:newmetatitle":{"Proton Mail Black Friday sale | Up to 40% off secure email":["Wyprzedaż Proton Mail z okazji Czarnego Piątku | Do 40% zniżki na bezpieczną pocztę elektroniczną"]},"specialoffer:note":{"* Billed at ${ TOTAL_SUM } for the first year":["* Płatne ${ TOTAL_SUM } za pierwszy rok"],"*Billed at ${ TOTAL_SUM } for the first 2 years":["* Płatne ${ TOTAL_SUM } za pierwsze 2 lata"],"30-day money-back guarantee":["30-dniowa gwarancja zwrotu pieniędzy"],"Billed at ${ TOTAL_SUM } for the first 2 years":["Płatne ${ TOTAL_SUM } za pierwsze 2 lata"],"Billed at ${ TOTAL_SUM } for the first year":["Płatne ${ TOTAL_SUM } za pierwszy rok"],"You save ${ SAVE_SUM }":["Oszczędzasz ${ SAVE_SUM }"]},"specialoffer:off":{"${ PERCENT_OFF } off":["-${ PERCENT_OFF }"]},"specialoffer:testimonial":{"I love my ProtonMail":["Uwielbiam ProtonMail"],"My favorite email service":["Moja ulubiona usługa e-mail"],"Thanks Proton for keeping us all safe in the complicated internet universe.":["Dziękuję Protonowi za dbanie o nasze bezpieczeństwo w skomplikowanym internetowym uniwersum."],"You get what you pay for. In the case of big tech, if you pay nothing, you get used. I quit using Gmail and switched to @ProtonMail":["Dostajesz to, za co płacisz. W przypadku przedsiębiorstw big tech, jeśli nie płacisz nic, zostaniesz wykorzystany. Przestałam korzystać z Gmail i przeniosłam się na @ProtonMail"]},"specialoffer:time":{"Days":["Dni"],"Hours":["Godz."],"Min":["Min"]},"specialoffer:title":{"And much more":["I wiele więcej"],"Safe from trackers":["Żadnych elementów śledzących"],"Stay organized":["Dbaj o dobrą organizację"],"Black Friday email deals":["Oferty e-mailowe na Czarny Piątek"],"Don’t just take our word for it":["Nie musisz wierzyć nam na słowo"],"Make your inbox yours":["Niech skrzynka odbiorcza należy tylko do Ciebie"],"Our story":["Nasza historia"],"Transfer your data from Google in one click":["Przenieś dane z Google jednym kliknięciem"]},"specialoffer:tooltip":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, connect up to 10 devices, access worldwide streaming services, malware and ad-blocker, and more.":["Uzyskaj dostęp do zablokowanych treści i przeglądaj prywatnie Internet. Obejmuje ponad ${ TOTAL_VPN_SERVERS } serwerów w ponad ${ TOTAL_VPN_COUNTRIES } krajach z możliwością połączenia do 10 urządzeń, a także dostęp do globalnych usług streamingu, blokadę reklam, złośliwego oprogramowania i wiele więcej."],"Easily share your calendar with your family, friends or colleagues, and view external calendars.":["Łatwo udostępniaj swój kalendarz rodzinie, znajomym oraz współpracownikom i wyświetla kalendarze zewnętrzne."],"Includes support for 1 custom email domain, 10 email addresses, 10 hide-my-email aliases, calendar sharing, and more.":["Zawiera obsługę 1 niestandardowej domeny e-mail, 10 adresów e-mail, 10 aliasów hide-my-email, udostępnianie kalendarza i nie tylko."],"Includes support for 3 custom email domains, 15 email addresses, unlimited hide-my-email aliases, calendar sharing, and more.":["Obejmuje obsługę 3 niestandardowych domen e-mail, 15 adresów e-mail, nielimitowane aliasy hide-my-email, udostępnianie kalendarza i nie tylko."],"Manage up to 25 calendars, mobile apps, secured with end-to-end encryption, 1-click calendar import from Google, and more.":["Zarządzanie nawet 25 kalendarzami, aplikacje mobilne, bezpieczne szyfrowanie metodą end-to-end, importowanie kalendarza za pomocą jednego kliknięcia z Google i więcej."]},"Status banner":{"Learn more":["Dowiedz się więcej"],"Please note that at the moment we are experiencing issues with the ${ issues[0] } service.":["Uwaga: obecnie występują problemy z usługą ${ issues[0] }."],"We are experiencing issues with one or more services at the moment.":["Mamy problemy z co najmniej jedną usługą."]},"Status Banner":{"At the moment we are experiencing issues with the Proton VPN service":["W tej chwili mamy problemy z usługą Proton VPN"],"Learn more":["Dowiedz się więcej"]},"steps":{"Step":["Krok"]},"suggestions":{"Suggestions":["Sugestie"]},"Support":{"Sub category":["Podkategoria","Podkategorie","Podkategorii","Podkategorii"]},"Support article":{"${ readingTime } min":["${ readingTime } min","${ readingTime } min","${ readingTime } min","${ readingTime } min"],"Category":["Kategoria","Kategorie","Kategorii","Kategorii"],"Didn’t find what you were looking for?":["Nie znaleziono szukanej frazy?"],"General contact":["Skontaktuj się, wykorzystując ogólne zapytanie"],"Get help":["Uzyskaj pomoc"],"Legal contact":["Skontaktuj się z działem prawnym"],"Media contact":["Skontaktuj się z zespołem medialnym"],"Partnerships contact":["Skontaktuj się z zespołem ds. partnerstwa"],"Reading":["Odczytywanie"]},"Support Form Platform option":{"VPN for Android TV":["VPN dla Android TV"],"VPN for Apple TV":["VPN na Apple TV"],"VPN for Chromebook":["VPN dla Chromebooka"]},"Support troubleshooting":{"App version":["Wersja aplikacji"],"Browser":["Przeglądarka"],"Check if this helps":["Sprawdź, czy to pomoże"],"Choose a product":["Wybierz produkt"],"Did this solve your issue?":["Czy Twój problem został rozwiązany?"],"Faster assistance is just a few clicks away":["Szybsze wsparcie uzyskasz w kilka kliknięć"],"How can we help?":["Jak możemy pomóc?"],"No, contact support":["Nie, skontaktuj się z pomocą techniczną"],"Please fill out one field after another":["Wypełnij pola jedno po drugim"],"Please make your selections":["Dokonaj wyboru"],"Proton account":["Konto Proton"],"Proton for Business":["Proton for Business"],"Thank you for your feedback":["Dziękujemy za podzielenie się opinią"],"What can we help with?":["W czym możemy pomóc?"],"Yes":["Tak"]},"support_modal_search_query":{"Search query":["Zapytanie wyszukiwania"]},"support_search_button":{"Search":["Szukaj"]},"support_search_i_am_looking_for":{"I'm looking for":["Szukam"]},"SupportForm":{"For a faster resolution, please report the issue from the Bridge app: Help > Report a problem.":["W celu szybszego rozwiązania problemu dokonaj zgłoszenia przez aplikację Bridge: Pomoc > Zgłoś problem."],"Information":["Informacje"]},"SupportForm:option":{"Account Security":["Bezpieczeństwo konta"],"Contacts":["Kontakty"],"Custom email domain":["Niestandardowa domena e-mail"],"Email delivery and Spam":["Dostarczanie wiadomości e-mail i spam"],"Encryption":["Szyfrowanie"],"Login and password":["Login i hasło"],"Merge aliases and accounts":["Scalanie aliasów i kont"],"Migrate to Proton":["Migracja do Proton"],"Notifications":["Powiadomienia"],"Other":["Inne"],"Plans and billing":["Plany i rozliczenia"],"Proton for Business":["Proton for Business"],"Sign up":["Rejestracja"],"Storage":["Przestrzeń dyskowa"],"Users, addresses, and identities":["Użytkownicy, adresy i tożsamości"]},"SupportForm:optionIntro":{"Select a topic":["Wybierz temat"]},"Testimonial":{"Awards":["Nagrody"],"Customers":["Klienci"],"Featured":["Wyróżnione"],"Go to testimonial source":["Przejdź do źródła referencji"],"Open source of award":["Otwórz źródło nagrody"],"Open source of quote":["Otwórz źródło cytatu"],"Reviews":["Opinie"],"Videos":["Pliki wideo"],"Watch on TikTok":["Oglądaj na TikTok"],"Watch on YouTube":["Oglądaj na YouTube"]},"TestimonialCategory":{"Awards":["Nagrody"],"Customers":["Klienci"],"Featured":["Wyróżnione"],"Media":["Multimedia"],"Reviews":["Opinie"],"Videos":["Pliki wideo"]},"Text":{"If you need help, check out our ${ supportLink }.":["Jeśli potrzebujesz pomocy, sprawdź naszą ${ supportLink }."],"The page you’re looking for might have been removed, or it could be an\nold link.":["Strona, której szukasz, mogła zostać usunięta lub link jest przestarzały."],"Your question may already have an answer in our knowledge base:":["Na Twoje pytanie może już istnieć odpowiedź w bazie wiedzy:"]},"tooltip_vpn":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, highest VPN speed, ${ TOTAL_VPN_CONNECTIONS } VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Uzyskaj dostęp do zablokowanych treści i przeglądaj prywatnie Internet. Obejmuje ponad ${ TOTAL_VPN_SERVERS } serwerów w ponad ${ TOTAL_VPN_COUNTRIES } krajach, najwyższe prędkości VPN, ${ TOTAL_VPN_CONNECTIONS } połączeń VPN, usługi streamingu na całym świecie, blokowanie reklam oraz złośliwego oprogramowania i wiele więcej."]},"vpn_servers":{"Get Proton VPN Plus":["Wybierz plan Proton VPN Plus"]},"wallet_signup_2024:Action":{"Get Proton Wallet":["Wybierz Proton Wallet"]},"wallet_signup_2024:Homepage hero product link title":{"Wallet":["Portfel"]},"wallet_signup_2024:Homepage product navigation bar":{"Wallet":["Portfel"]},"wallet_signup_2024:menu item":{"Bitcoin guide":["Przewodnik po systemie Bitcoin"],"Proton Wallet news":["Aktualności Proton Wallet"],"Proton Wallet support":["Wsparcie dla Proton Wallet"]},"wallet_signup_2024:Pricing":{"Includes everything in Proton Unlimited and":["Zawiera wszystko, co Proton Unlimited oraz"],"Limited availability":["Ograniczona dostępność"],"The easiest way to securely own, send, and receive Bitcoin":["Najprostszy sposób na bezpieczne przechowywanie, wysyłanie i odbieranie waluty Bitcoin"]},"wallet_signup_2024:ProductRange":{"Discover Proton Wallet":["Odkryj rozwiązanie Proton Wallet"],"Store and transact Bitcoin privately with an encrypted self-custody wallet.":["Bezpiecznie przechowuj i przesyłaj Bitcoiny dzięki szyfrowanemu portfelowi typu self-custody."]},"wallet_signup_2024:wallet bitcoin":{"Learn about Bitcoin, the Internet's value network.":["Dowiedz się więcej o internetowym systemie gotówkowym Bitcoin."]},"wallet_signup_2024:wallet overview":{"Ensure you're always in control of your Bitcoin.":["Miej pełny nadzór nad swoimi Bitcoinami."]},"wallet_signup_2024:wallet security":{"The encrypted, open-source wallet that puts you in control.":["Szyfrowany portfel o otwartym kodzie źródłowym, który daje Ci pełną kontrolę."]}}},"base":"blog","cdn":{"enabledForAssets":true,"enabledForImages":true,"url":"https://pmecdn.protonweb.com/"},"unleashApi":"https://account.proton.me/api"};
window.frameworkContext = frameworkContext;
const context = frameworkContext.base === '' ? '' : `${frameworkContext.base}/`;
window.__toAssetUrl = (filename) => {
if (frameworkContext.cdn !== undefined && frameworkContext.cdn.enabledForAssets === true) {
return `${frameworkContext.cdn.url}${context}${filename}`;
} else {
return `/${context}${filename}`;
}
};
})();
Using Zoom? Here are the privacy issues you need to be aware of | Proton
Zoom(nowe okno) has seen a flood of new users as the COVID-19 outbreak forces more and more employees to transition to working from home. Zoom’s big selling point is its near-frictionless video calls.
However, new users should be aware of the company’s privacy practices. By looking through its privacy policy and some of its support documents, you quickly discover that Zoom shares the copious amounts of data it collects with third parties and has already had a major security vulnerability. An investigation by The Intercept(nowe okno) has called into doubt Zoom’s claim of end-to-end encryption on its video calls. And online trolls have also taken advantage of default Zoom settings to “Zoombomb,” public conference calls and disrupt them.
We believe it’s important for our community who may be switching to Zoom in their workplace during the coronavirus outbreak to be aware of these issues, and this post looks at each of them in detail. At the end, we’ll offer some suggestions for what you can do to protect yourself while using Zoom.
Zoom privacy regarding your data
Zoom not only tracks your attention, it tracks you.
According to the company’s privacy policy, Zoom collects reams of data on you, including your name, physical address, email address, phone number, job title, employer. Even if you don’t make an account with Zoom, it will collect and keep data on what type of device you are using, and your IP address. It also collects information from your Facebook profile (if you use Facebook to sign in) and any “information you upload, provide, or create while using the service.”
Some of this data you enter yourself when you are signing in (for example, to join a call online, you must give your email), but much of it is collected automatically by the Zoom app.
In its privacy policy(nowe okno), under the entry “Does Zoom sell Personal Data?” the policy says, “Depends what you mean by ‘sell.’” To summarize Zoom’s policy, they say they don’t sell personal data for money to third parties, but it does share personal data with third parties for those companies’ “business purposes.” In its privacy policy, it gives the example that it may pass your personal information to Google.
An article in Vice(nowe okno) pointed out that the Zoom iOS app shared a substantial amount of user data with Facebook, even if the user does not have a Facebook account. However, two days after this story was published, Zoom removed the code(nowe okno) that sent data to Facebook. In a statement to Vice, Zoom explained it was unaware that the Facebook software development kit (SDK) used to implement the “Login with Facebook” feature in its app was collecting unnecessary data. The statement also listed the types of device data the Facebook SDK had collected, including the mobile operating system (OS) type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space.
Zoom is now facing a class action lawsuit(nowe okno) from a California resident who alleges that Zoom violated the California Consumer Privacy Act by not getting users’ consent before sharing their data with Facebook. Also, the New York Attorney General’s office recently sent a letter to the company(nowe okno), expressing concern that Zoom’s existing security practices fail to secure its users’ data. The Attorney General’s primary concern is that Zoom may not be doing enough to meet the state’s requirements to protect student data. Zoom recently increased the number of participants allowed on its free calls to help teachers and schools reach students at home.
Zoom does not use end-to-end encryption
Zoom used its own definition for end-to-end encryption(nowe okno) (E2EE), one that is likely to mislead many of its users. Despite both Zoom’s website(nowe okno) and its security white paper(nowe okno) claiming calls that use “computer audio” are end-to-end encrypted, The Intercept found that Zoom only uses transport layer security (TLS) encryption, the same encryption that protects all websites that use HTTPS.
TLS encryption protects Internet connections from being eavesdropped on by third parties, but in this case, it does not protect the data from Zoom itself. This is different from E2EE services like Proton Mail. With true E2EE, a message (or video chat) is encrypted on a user’s device and then cannot be decrypted until it reaches the recipient’s device. No one can decrypt or access unencrypted data between the two end users.
A Zoom spokesman clarified that E2EE to Zoom means, “the connection [is] encrypted from Zoom end point to Zoom end point.” Here “end point” refers to the Zoom server, not the Zoom app. This is not true E2EE.
In response to this reporting and the widespread confusion, Zoom put out a blog post(nowe okno) that acknowledged, “there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”
Online trolls have disrupted numerous online conference calls, by sharing disturbing or pornographic material using a Zoom screen share feature. This has become known as “Zoombombing,” and it is a widespread problem.
Zoom, by default, allows anyone to share their screen with the participants of a call without permission from the call’s host. If a call is public, anyone with the URL to the call can join. This has allowed malicious actors to sneak into calls using publicly shared links and then take over by sharing their screen and showing the audience offensive material.
The camera hacking bug
Last year, security consultant Johnathan Leitschuch(nowe okno) discovered that Zoom set up a local web server on a user’s Mac device that allowed Zoom to bypass security features in Safari 12. This web server was not mentioned in any of Zoom’s official documentation. It was used to bypass a pop-up window that Safari 12 would show before it turned on your device’s camera.
However, this remote web server was also not adequately secured. Pretty much any website could interact with it. The result was that Zoom allowed malicious websites to take over your Mac’s camera without ever alerting you.
While Zoom has since removed these remote web servers(nowe okno), its cavalier approach to getting user permission and its repeated disregard for security and privacy concerns in the pursuit of convenience raise serious questions about trust.
How you can protect your data
As Zoom becomes the standard video conferencing tool, there are some steps you can take to keep your data safe.
Do not use Facebook to sign in: It might save time, but it is a poor security practice and dramatically increases the amount of personal data Zoom has access to.
Keep your Zoom app updated: Zoom removed the remote web server from the latest versions of its apps. If you recently downloaded Zoom, there’s no need to be concerned about this specific vulnerability.
Prevent intruders and Zoombombing on your calls: Before you set up a public Zoom call, go to Settings and turn Screen Sharing to “Host only,” disable “Join Before Host,” disable “Allow Removed Participants to Rejoin,” and disable “File Transfers.” If practical, you should also protect your conference call with a password.
We recognize that working from home is going to require a reconfiguring of how companies, offices, and employees work. However, workers’ personal privacy should not be sacrificed in this transition.
Now that offices are closed, it is more important than ever that workers remember security guidelines. We have resources that can help you stay safe. Our IT security ebook(nowe okno), with its email security(nowe okno) and IT security(nowe okno) best practices lists, can help employees maintain their security and privacy while working from home.
UPDATE March 27, 2020: This article was updated to incorporate the news that Zoom’s iOS app shares data with Facebook.
UPDATE March 30, 2020: This article was updated after Zoom removed the code that shared users’ device data with Facebook.
UPDATE April 1, 2020: This article was updated after the New York Attorney General requested security information from Zoom and a California resident filed a class action suit against the company. It also incorporates new information discovered about Zoom’s false claims regarding end-to-end encryption and new reporting on Zoombombing.
UPDATE May 4, 2020: This article was updated to show that Zoom removed its attendee attention tracking feature, which alerted the hosts of a call if you minimized or clicked away from your Zoom window for 30 seconds. It also now includes Zoom’s explanation for why it was using “end-to-end encryption” in its marketing.
UPDATE June 25, 2020: This article was updated after Zoom backtracked from its original stance that it would only offer end-to-end encryption to paying users. It has since announced that E2EE will be available to all users, including those on a free plan.
You can get a secure email by choosing using our Free plan or upgrade to a paid version of Proton Mail.
ProtonMail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(nowe okno). Thank you for your support.