Should you be using Zoom? A privacy discussion

 

During the pandemic, the use of video conferencing apps (both for work and personal use), has become crucial to maintain sanity and keeping in touch with reality. However, with the increased use of these apps, there has been an increased discussion about security and privacy of individuals and organizations. Zoom is one such application with it being used by everyone from yoga classes, family calls to even cabinet meetings. It saw a surge in its usage from the beginning of January 2020 but is under scrutiny for violating security protocols. This article is discussing the recent issues that have been circulating online lately. 

Zoom is a popular video conferencing application that has been around since 2011. When it came out, it was a competitor to popular companies at the time such as Skype, Cisco’s WebEx and Google Hangouts. 

Security and Privacy

Zoom may never have outlined its product past enterprise chat at first, but with the app presently being utilized in a number of ways and by regular consumers, the company’s full scope of errors have come into sharp focus — something it was able to dodge all this time.

• Starting with privacy. Zoom’s much-maligned privacy policy has come under scrutiny. Zoom’s privacy policy states how which information it gathers from the user’s session and how it intends to use it. Could your instant messages and recordings be utilized to target ad campaigns or create a facial recognition algorithm? Like recordings collected by other tech companies? That’s likely not what individuals are expecting when they contact a therapist, hold a business meeting, or have a job interview using Zoom.

• Researchers discovered a flaw in Zoom’s Windows app that made it vulnerable to UNC path injection’ vulnerability that could allow remote attackers to steal victims’ Windows login credentials and even execute arbitrary commands on their systems.

• Vice recently revealed that Zoom was leaking people’s email addresses and photos to strangers due to its flawed security practices. The flaw in Zoom’s ‘Company Directory’ setting, which automatically allowed strangers to create new accounts and add them to a pool of users having the same domain (example: apple.com).

• A deep flaw called zoombombing wherein trolls take advantage of open or unprotected meetings to take over screen-sharing and broadcast graphic images and other explicit content during that call.

Should you use Zoom?

Zoom has responded positively (and swiftly) to these disclosures and already patched a number of issues highlighted by the security community. In addition to this, the company has announced a 90-day freeze on releasing new features to ‘better identify, address and fix issues proactively’.

Interestingly, there hasn’t been a consensus about whether you need to stop using Zoom or not given the current environment and the increasing need to stay connected to stay sane. There are still a few tips that we all should follow before creating a Zoom call:

• If you are worried about being Zoombombed, set a meeting password, and lock a meeting once everyone who needs to join has joined.
• Make sure you do not publicly share your meeting details on social media. 
• Regular users is simply to think carefully about their security and privacy needs for each call they make. Zoom’s security is likely sufficient if it’s just for casual conversations or to hold social events and organize lectures.

If you want to read about more ways how to increase your Zoom security during video calls, EFF has a handy guide here.