cancel
Showing results for 
Search instead for 
Did you mean: 

Who can see private conversations in an Enterprise Zoom?

sancho5300
Newcomer
Newcomer

Good morning everyone,

I am in a company that uses zoom as a means of instant communication. I would like to know if private conversations and groups are private or if an administrator or super-administrator can see all of the private conversations please ?

Thank you for your reply.

1 ACCEPTED SOLUTION

Hi @ZoomZoomZoom007 I'm Andy, the creator of ZoomOSC. I'd like to offer you and our other readers some information about the application in response to your claims. ZoomOSC does NOT have the ability to do things like snooping on private DMs between far-end users, see who someone else has pinned, etc. ZoomOSC is built upon the Zoom Meeting SDK, which itself follows the business logic of the Zoom Workplace app with regard to the meetings experience. For example, if the Zoom Workplace app could not see a message between users, then ZoomOSC in the identical context would not have the ability to read and export that message to OSC because the Meeting SDK would not surface it. ZoomOSC and the Meeting SDK are not designed to manipulate restrictions imposed to Zoom Workplace. Instead, they are powerful tools for accessing the capabilities of Workplace in the context where those capabilities are operable. In addition, for any lingering concerns about ZoomOSC's legitimate capabilities, users have a plethora of management tools at their disposal thanks to the Zoom App Marketplace. For example, ZoomOSC triggers the Active App Notifier, revealing to all Zoom participants that a Meeting SDK application has access to certain data with hyperlinks for further reading. Admins can control the presence of ZoomOSC or other Meeting SDK applications in their meetings and webinars. And the best part of all of this work is that you don't need to take my word for it. You can independently review the validity of my claims by visiting the https://developer.zoom.us website and referencing documents like our Meeting SDK for macOS guides https://developers.zoom.us/docs/meeting-sdk/macos/ which includes the SDK reference. I hope you take the time to review!

View solution in original post

7 REPLIES 7

Hamilton-Zoomie
Zoom Employee
Zoom Employee

Your Zoom Account Owner, by default, is the only one with access to the Chat History report to be able to view all conversations, including private, if Cloud Storage is enabled and advanced chat encryption is disabled.  That account owner can then give permissions to other admins with a role the ability to access those chat history reports also.

ZoomZoomZoom007
Newcomer
Newcomer

The reply you received previously is less than accurate on its face. I would’ve hoped Zoom would be more responsible in disclosing the reality behind privacy within their platform. The truth is there are alternate versions of zoom which give the participant ability to perform a wide range of actions which have the potential to compromise the privacy of others within a room. Someone with Zoom OSC can not only read any private conversation in the room, they can also see who a participant has pinned, as well as a participant’s IP address. They can even send messages posing as a separate participant in the room without anyone knowing these abnormalities are occurring. It is a powerful tool which offers endless possibilities to manipulate the standard restrictions set on Zoom Workplace.

Hi @ZoomZoomZoom007 I'm Andy, the creator of ZoomOSC. I'd like to offer you and our other readers some information about the application in response to your claims. ZoomOSC does NOT have the ability to do things like snooping on private DMs between far-end users, see who someone else has pinned, etc. ZoomOSC is built upon the Zoom Meeting SDK, which itself follows the business logic of the Zoom Workplace app with regard to the meetings experience. For example, if the Zoom Workplace app could not see a message between users, then ZoomOSC in the identical context would not have the ability to read and export that message to OSC because the Meeting SDK would not surface it. ZoomOSC and the Meeting SDK are not designed to manipulate restrictions imposed to Zoom Workplace. Instead, they are powerful tools for accessing the capabilities of Workplace in the context where those capabilities are operable. In addition, for any lingering concerns about ZoomOSC's legitimate capabilities, users have a plethora of management tools at their disposal thanks to the Zoom App Marketplace. For example, ZoomOSC triggers the Active App Notifier, revealing to all Zoom participants that a Meeting SDK application has access to certain data with hyperlinks for further reading. Admins can control the presence of ZoomOSC or other Meeting SDK applications in their meetings and webinars. And the best part of all of this work is that you don't need to take my word for it. You can independently review the validity of my claims by visiting the https://developer.zoom.us website and referencing documents like our Meeting SDK for macOS guides https://developers.zoom.us/docs/meeting-sdk/macos/ which includes the SDK reference. I hope you take the time to review!

Hi @AndyCarluccio. I couldn’t be more thrilled to have you join this chat. I’m curious if you’re also the creator of node.js, advanced companion or isadora and are you sure of the scope of osc’s capabilities when used in coordination with other software. I have been in rooms on zoom with advanced programmers and coders and have experienced things that defy the limitations you define. Many people in these rooms have been told by moderators and hosts that they do have this capability after happenings which seem to defy the possibility of said events occurring any other way than by means of which I mentioned before. I personally would be shocked if there was a different explanation for my experience other than that my private messages were being read by a third party and messages were being sent by a participant with with the ability to deliver these messages while assuming the username of a separate participant. These events are occurring and many people who have had the same experiences are trying to figure out how that is. Thank you for your time in discussing this.

In the cases you described, the Zoom Meeting SDK would still be the "gatekeeper" of the data because the flow would be MeetingSDK --> ZoomOSC ---> Isadora / Companion / Node.js

And for what it's worth, I designed the Companion integration and authored many of the JS ZoomOSC processing nodes for Isadora 🙂

ZoomZoomZoom007
Newcomer
Newcomer

The I suppose my question to you is, what do they know that you don’t and how do you suggest they are able to perform these tasks?

I would say then that I disagree that this happened in the way you have stated and for the reasons you have stated based on my expertise, and I will leave it at that.