Like all communication apps, Google Meet has security flaws, and journalists must use it wisely. In Part 3 of this series on video conferencing for Reporters Without Borders (RSF), tech security expert Bence Kócsi explains the risks, and security precautions to take when using Google Meet.
Google Meet is favoured by many professionals for its convenience and interoperability with other Google products (Gmail, Google calendar, etc.). While regarded by many as equal to or better than Zoom in terms of security, Google Meet is owned and operated by Google, which has a concerning history of data collection and lack of transparency.
Risks of using Google Meet
- A Google account is usually required. For contacts requiring anonymity, an alternate account may need to be made so as to not link their presence in a meeting back to their personal account. For contacts living in China, where Google doesn’t operate, even making an account may be difficult.
- Meetings cannot be password-protected, meaning an unwanted person with illegitimate access to someone else’s Google account could join a meeting easily.
- Meetings are not fully encrypted by default. While they are protected from third parties, the content of meetings is visible to Google.
- Google can be ordered to hand over user data. User data visible to Google is at risk of being handed over to governments if requested.
- End-to-end encryption (E2EE) is only available for some features. Voice and video messages are fully encrypted by default, but meetings require the user to use Meet Legacy Calls (formerly Duo) for E2EE.
- Google Dial-In is totally unencrypted. Dial-In and Dial-Out connect Google Meet with regular phone numbers over the telephone network, which is unencrypted.
Google Meet’s in-built security features
- Meeting security settings are available. These can deny access to the meeting until the participant has been vetted by the host, limit who can join and who can speak, and prevent accounts that are repeatedly denied access from continuously requesting it.
- Google accounts provide extra security. Though not convenient in every situation, high security meetings can control who can join by approving only specific accounts, and may only be accessible to those with a Google Calendar link, greatly reducing the chance of unwanted guests joining.
- Google does not operate in China, which means user data is unlikely to be sent to servers accessible to the Chinese government.
Recommendations when using Google Meet
- Make alternate accounts. Journalists and informants concerned with anonymity and wary of Google’s data practices should use alternate accounts for sensitive communication and planning of meetings.
- Use Legacy Calls (Duo) whenever possible. These are end-to-end encrypted and not visible to Google, therefore the contents of the meeting cannot be handed over to third parties or governments.
- Do not use Dial-In or Dial-Out features. The telephone network is totally unencrypted and easily intercepted.
← Read Part 1: Common security risks
← Read Part 2: Zoom
Bence Kócsi is an experienced freelance editor, writer, and researcher. He has been focusing on a wide range of topics including digital security, technology, historical linguistics, politics, and medicine.