What we know about video conferencing with Google Meet
Dr. Martin Shelton
May 22, 2024
If you work remotely on the web, you’re probably getting comfortable with multiple video chat tools. At Freedom of the Press Foundation, we’ve published a high-level comparison of some common video chat applications, and many others maintain detailed comparison spreadsheets to help you compare dozens of tools. We also wanted to dive deeper into what we know about a few individual tools. This “fact sheet” will detail some security, privacy, usability, and anti-abuse properties of Google Meet. In particular, we’re focusing on properties that are critical to high-risk users, like journalists, and developed a series of questions to help examine these properties.
In our fact sheets, we’ll be taking a closer look at several tools in common use at media organizations. We can’t possibly cover them all. In addition to Google Meet, we’ll examine…
Each of these platforms changes regularly, so check back to see our regular updates. And if you see anything wrong, let us know at freedom.press/contact.
Threats to press freedom around the world are at an all-time high. Sign up to stay up to date and take action to protect journalists and whistleblowers everywhere.
Thanks for signing up for our newsletter. You are not yet subscribed! Please check your email for a message asking you to confirm your subscription.
Google Meet is Google’s core video chat tool for organizations and businesses, which they call Google Workspace. The service is not end-to-end encrypted, and user data can be decrypted by the company. To make their service simpler to use with Google’s other offerings, Meet is tied into your broader Google account. The company regularly tracks signs of unusual attempts to access your account, and offers two-factor authentication to prevent another user from logging in. Within Google Meet, you will also receive notifications if someone attempts to join a meeting from outside of the organization. When Google Meet is integrated into Google Workspace, the organization must have an administrator who can optionally lock down Google Workspace even further.
Google has published extensive details on its data security practices across its product offerings. You can read our post on privacy and security practices in Google Workspace to learn more.
Yes. Google Meet is accessible through your organizational Google account, which supports two-factor authentication. Users can enable two-factor authentication with ordinary SMS text messages, authentication apps (e.g., Google Authenticator, Authy), or FIDO-compliant security keys. Likewise, those with Android devices can use their phone as a security key, requiring a permission notification from their phone before the user can log in through another device.
To protect data flowing between users’ devices and Google’s data centers, the company uses standard TLS and SSL for transit-level encryption.
Simply put, no. Google uses DTLS-SRTP to secure connections between users. Google Meet documentation suggests all calls are encrypted between users and Google itself. However, Google announced a beta test for client-side encryption in Google Meet. Unfortunately — at least for now — client-side encryption features will only be available to Enterprise and Education Plus users.
In their security white paper, Google says it conducts both internal and external security audits, including its video products. To our knowledge, the results of these audits have not been publicly disclosed.
We are not aware of breaches of Google Meet specifically, but it has only been around for a few years. Its predecessor, classic Hangouts is implicated in a series of related Android breaches.
Google will automatically keep track of contacts you have previously emailed from Gmail. Likewise, in Google Workspace all members of an organization will be displayed in the organization’s directory by default. Contacts can also optionally be imported through sync with an Android device’s contact list. You can view or edit contact at contact.google.com.
Yes. You can join a meeting as a guest, but cannot host a meeting without a Google account.
Google retains dozens of data points about latency and performance (e.g., bit rate, estimated bandwidth), users in the meeting (e.g., meeting organizers, participant names and IDs, IP addresses), as well as details about the meeting itself, such as the name, date, and calendar ID of the event. Google Workspace Business and Enterprise users may parse much of this within their own Google Meet audit logs.
Google says they do not use your data for advertising. Instead, Google sells Google Workspace subscriptions with tiered monthly payment plans, and charges organizations per-user. They also sell voice call software, hardware that integrates with Meet, and collaborative displays.
Generally, Google says that users can expect that data they delete manually (e.g., an entry in search history) will be scrubbed from their servers within two months, and from backup servers within six months.
Google details how long Google Workspace administrators can retain specific types of product data, and if Google Workspace administrators can get it, Google also has access to that data. Google Workspace audit logs may include Google Meet data for up to six months. The same applies to individual accounts deleted from Google unless the user’s organization has set a separate data retention policy.
No.
Google releases transparency reports on government and court requests for user data every six months. The transparency report does not say how often data requests involve Google Meet data specifically.
Google’s policy is to notify an organization’s Google Workspace administrators of a data request, unless prohibited by law.
To obtain the real-time communications of video chat participants, typically Google’s transparency report has disclosed a small number of U.S. wiretap orders during each year since 2012, when they first began publicly disclosing the number of requests. We are not currently aware of unsealed court cases involving Google Meet specifically.
Enterprise users can live stream for as many as 100,000 view-only participants, but only within their own organization. Streaming must first be enabled by an organization administrator.
Yes! Rooms are closed by default, and users may optionally invite participants. Participants can also share the URL for the meeting with others, enabling guests to join the call with permission from current participants.
Meet offers several controls to ensure only the right people are in the meeting. Rooms are closed by default to those outside of the organization. Those within the organization can kick users out of a call, selectively invite participants, or selectively share the meeting link. Those who have not been invited can still request to join, but must be approved or denied by current participants.
Google Workspace provides different caps on the number of users who can join a meeting, depending on which version they have. Basic and Business Starter allow up to 100 users to join simultaneously, while Business Standard enables up to 150 participants, and Business Plus and Enterprise editions allow up to 500.
Google Meet supports live captions, screen readers, the ability to adjust contrast and size, and keyboard shortcuts.
Enterprise Google Workspace administrators can optionally enable the ability to record meetings. They must first configure who is allowed to record.
Yes. Any participant in the call can mute any other participant in the call.
Yes. Anyone within the Google Workspace organization can remove anyone on the call. Guest users cannot remove anyone.
Now that you’ve read all about the platform, you can evaluate whether it’s right for your situation. If you want to check out another platform, consider looking to our short guide for a high-level comparison, or videoconferencing.guide for many more details. And as always, contact our training team if you need more assistance.
This article was updated on May 10, 2022.