Now that we are all trapped at home thanks to the coronavirus pandemic, video calls have gone from being a novelty to a necessity. Zoom, the popular video conferencing service, appears to be better than most and has quickly become one of the more popular, if not the most popular, options.
But should it be?
Zoom's recent popularity has also put a spotlight on the company's security protections and privacy promises. Just today, The Intercept reported that Zoom video calls are not end-to-end encrypted, despite the company's claims that they are.
And Motherboard reports that Zoom is leaking the email addresses of "at least a few thousand" people because personal addresses are treated as if they belong to the same company.
These are only the latest examples of the company having to spend the last year cleaning up after a flurry of headlines examining its practices and misleading marketing. To wit:
- Apple was forced to step in to secure millions of Macs after a security researcher discovered that Zoom had not disclosed that it installed a secret web server on users' Macs, which Zoom did not remove when the client was uninstalled. Researcher Jonathan Leitschuh said the web server meant that any malicious website could activate the webcam on a Mac with Zoom installed, without the user's permission. The researcher declined a bug bounty payout because Zoom wanted Leitschuh to sign a confidentiality agreement, which would have prevented him from disclosing details of the bug.
- Zoom was silently sending data to Facebook about a user's Zoom habits, even when the user did not have a Facebook account. Motherboard reported that the iOS app was notifying Facebook when the user opened the app, along with the device model, the phone carrier of the device that opened the app, and more. Zoom removed the code in response, but not fast enough to prevent a class action lawsuit or the New York attorney general from starting an investigation.
- Zoom was again criticized for its "attendee tracking" feature, which, when enabled, allows the host to check whether participants are clicking outside the main Zoom window during a call.
- A security researcher discovered that Zoom uses a "bleak" technique to install its Mac application without user interaction. "The same tricks that macOS malware uses," the researcher said.
- On the plus side and to the relief of some users, we report that it is indeed possible to join a Zoom video call without having to download or use the app. But Zoom's "dark patterns" don't make it easy to start a video call using just your browser.
- Zoom has faced questions about its lack of transparency regarding the law enforcement requests it receives. Access Now, a rights and privacy group, asked Zoom to publish the number of requests it receives, just as Amazon, Google, Microsoft and many more tech giants report semi-annually.
- Then there is Zoombombing, where trolls take advantage of open or unprotected meetings and poor default settings to take over screen sharing and stream pornography or other explicit material. The FBI this week warned users to adjust their settings to prevent trolls from hijacking video calls.
There are many more privacy-focused alternatives to Zoom. There are various options, but all have their difficulties. FaceTime and WhatsApp are end-to-end encrypted, but FaceTime only works on Apple devices and WhatsApp is limited to only four video calls at a time. A lesser-known video calling platform, Jitsi, is not end-to-end encrypted, but is open source, so you can look at the code to make sure there are no back doors, and it works on all devices and browsers. You can run Jitsi on a server you control for more privacy.
To be fair, Zoom is not inherently bad and there are many reasons why Zoom is so popular. It is easy to use, reliable and for the vast majority it is incredibly convenient.
But Zoom's misleading claims give users a false sense of security and privacy. Whether you're hosting a virtual happy hour or a yoga class, or using Zoom for therapy or government cabinet meetings, everyone deserves privacy.
Now more than ever Zoom has a responsibility to its users. For now, Zoom at your own risk.