Zoom and Gloom: Use It to Your Own Peril
Posted on 04-03-2020.
While most businesses suffer greatly during the quarantine, there are bound to be at least some that actually thrive. It makes sense that among such businesses the most prominent ones would be digital platforms that provide convenient access to work and entertainment from home.
This month the industry had a clear winner—Zoom. It is a free service that resembles Google Meet. Otherwise, it is hard to tell what generated the hype around it. But the company’s stock price almost doubled since the start of the year. And according to SensorTower, the Zoom iPhone app has remained the most downloaded app in the U.S. and many other countries for weeks.
But quarantine is perhaps the toughest imaginable stress test for a video chat service. And under the strain of greatly increased userbase (which inevitably included bored hackers), in recent days Zoom got under fire as numerous privacy issues started popping up.
In this article, we will explain Zoom’s main privacy issues and outline the broader issue with centralized services.
Zoom Goes Boom
A few days ago, along with a recap of Zoom’s long known problems, a number of new debilitating bugs were pointed out
by a security researcher Patrick Wardle on his blog. Zoom did not have a stellar track record security-wise, to begin with, but according to the researcher, the newest exploits he managed to uncover allowed attackers to exploit Zoom’s installer to basically hijack a user’s Mac. This breach could allow the attacker to record all Zoom calls or even access the user’s mic and cam at any moment.
This could lead to disastrous consequences, given that even high profile politicians were seen using Zoom during the quarantine.
In Zoom’s defense, Wardle’s feedback was immediately noted and was allegedly fixed
within a day. But does it mean Zoom is safe now?
Those Were Bugs, But These Are Features
Every digital product is bound to have bugs. Those of Zoom were perhaps way too severe for a platform of such scale. But still, there was no ill intent behind them. However, Zoom’s users should be aware of various other problematic practices, which actually work as intended.
For one, despite being marketed as a strong proponent of privacy, it was reported
that Zoom does not, in fact, provide end-to-end encryption, which makes all user calls vulnerable. What’s even more egregious is that Zoom was caught
sending data to Facebook for advertising purposes.
As stated in the recent class-action lawsuit
against the platform:
“Upon installing or upon each opening of the Zoom App, Zoom collects the personal information of its users and discloses, without adequate notice or authorization, this personal information to third parties, including Facebook, Inc. (“Facebook”), invading the privacy of millions of users.”
Once again, Zoom has promptly reacted
to the controversy and removed that feature. But this begs the question: what else are we missing that’s wrong with Zoom?
Centralized Services Are Not Safe
So what should Zoom users do now? Go back to clunky Skype? Pay for Google subscription? Or plaster their webcams and talk in hushed voices around their laptops?
According to meticulous research
done by James Lopp, the famous cypherpunk and co-founder of CasaHodl, Zoom is only a tip of the iceberg when it comes to weak privacy policies among centralized services. All the popular video conference services, including Google Meet, Skype and Snapchat, by design have many of the same glaring privacy problems as Zoom.
Unfortunately, this one field was not yet blessed by a secure decentralized solution. So the best we can do is to pick a service with strong encryption from Mr. Lopp’s list.
Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.