Mozilla has released the latest instalment of its "*Privacy Not Included" ranking, where they do deep dives into the privacy features of the most popular apps and platforms.
The latest ranking, covering the privacy features of 21 popular video call apps, found that three of the most popular apps are also platforms that Mozilla researchers said had lackluster privacy features: Facebook Messenger, WeChat and Houseparty.
Slack was also criticized by Mozilla for not allowing users to block certain contacts. Signal and Threema were both cited as "outstanding" from a privacy perspective, but only Signal is free. Threema costs $2.99.
"Signal's open-source end-to-end encryption is lauded by many security professionals. And Signal won't track you or sell your data to strangers who could use it to target you with weird ads. Shoot, it was even recently reported that Facebook CEO Mark Zuckerberg himself uses Signal," Mozilla said in its analysis of Signal, noting that it has never had a data breach, only collects your phone number and never sells, rents or monetizes your personal data.
The report tackles thorny issues like "What data does the product collect?" "Does the product use encryption?" and "How does the product use AI?" Fifteen of the apps were covered in Mozilla's 2020 report and six new ones were added to the latest version.
Jen Caltrider, the lead researcher for Mozilla's *Privacy Not Included, noted that due to the COVID-19 pandemic, video calling apps have become a routine part of millions of people's lives. Even as life begins to slowly return to normal, video calls for work and pleasure appear to be a pandemic trend that will continue into the future.
"In this new world, people deserve to know if the apps they're using everyday respect their privacy -- or if they're snooping on them," Caltrider said. "While video call apps may feel more intimate than social media platforms, there's still a ton of data being collected, stored, and shared. For that reason, users should assume that anything they say on a video call app could be made public."
In addition to the six that stood out for good and bad reasons, Mozilla also examined Apple's FaceTime, 8x8's Jitsi Meet, Cisco's Webex, GoToMeeting, Viber, Discord, Doxy.me, Google Hangouts/Meet/Duo, Microsoft Teams, Telegram, BlueJeans, Zoom, Marco Polo, Skype and WhatsApp.
The report explains that Facebook Messenger, WeChat and Houseparty all got the *Privacy Not Included tag because they collect significant amounts of personal information and data, share it with "shady data brokers" and use poor encryption, among a host of other issues.
Mozilla also criticizes many other apps for either not having a block feature or having a limited one that can only be used in specific instances.
"Forcing people to rely on HR or IT departments to protect them from abuse over messaging platforms is not ideal," Mozilla researchers said, adding that they have launched a petition urging Slack to create a block feature.
The report notes that in examining privacy policies, many are effectively unreadable and lack specific language about pertinent issues like data retention periods and how to delete data.
Just eight of the 21 had what Mozilla considered "user-friendly" privacy information available to users. They also criticized companies like Microsoft for using umbrella privacy policies that make it difficult to know exactly what data certain platforms collect.
"It's surprising just how terrible video call app privacy policies are. They rarely help consumers understand what personal information a company collects on them and how they use that information," Caltrider told ZDNet.
"Vaguely worded privacy policies can mean companies are collecting just about anything and using it just about any way they want. Yikes! Companies need to do better at being direct, open, and honest with their customers at what data they collect and how they use that data. Our privacy depends on it."
There are signs that more companies are improving their privacy features. Mozilla noted that apps like Zoom have added more end-to-end encryption and others, like Discord and Doxy.me, are now demanding stronger password requirements.