Zoom and Gloom: Use It to Your Own Peril
While most businesses suffer greatly during the quarantine, there are bound to be at least some that actually thrive. It makes sense that among such businesses the most prominent ones would be digital platforms that provide convenient access to work and entertainment from home.
This month the industry had a clear winner: Zoom. It is a free service that resembles Google Meet. Otherwise, it is hard to tell what generated the hype around it. But the company’s stock price has almost doubled since the start of the year. And according to SensorTower, the Zoom iPhone app has remained the most downloaded app in the U.S. and many other countries for weeks.
But quarantine is perhaps the toughest imaginable stress test for a video chat service. Under the strain of a greatly increased user base (which inevitably included bored hackers), Zoom has come under fire in recent days as numerous privacy issues started popping up.
In this article, we will explain Zoom’s main privacy issues and outline the broader issue with centralized services.
Zoom Goes Boom
A few days ago, along with a recap of Zoom’s long-known problems, security researcher Patrick Wardle pointed out a number of new debilitating bugs on his blog. Zoom did not have a stellar security track record to begin with, but according to the researcher, the newest flaws he managed to uncover allowed attackers to abuse Zoom’s installer to basically hijack a user’s Mac. Such a compromise could allow the attacker to record all Zoom calls or even access the user’s mic and cam at any moment.
This could lead to disastrous consequences, given that even high profile politicians were seen using Zoom during the quarantine.
This morning, I chaired the first ever video conference Cabinet meeting.
— Boris Johnson #StayHomeSaveLives (@BorisJohnson) March 24, 2020
In Zoom’s defense, Wardle’s feedback was immediately noted and the issues were allegedly fixed within a day. But does it mean Zoom is safe now?
Those Were Bugs, But These Are Features
Every digital product is bound to have bugs. Those of Zoom were perhaps way too severe for a platform of such scale. But still, there was no ill intent behind them. However, Zoom’s users should be aware of various other problematic practices, which actually work as intended.
For one, despite being marketed as a strong proponent of privacy, it was reported that Zoom does not, in fact, provide end-to-end encryption, which makes all user calls vulnerable. What’s even more egregious is that Zoom was caught sending data to Facebook for advertising purposes.
As stated in the recent class-action lawsuit against the platform:
“Upon installing or upon each opening of the Zoom App, Zoom collects the personal information of its users and discloses, without adequate notice or authorization, this personal information to third parties, including Facebook, Inc. (“Facebook”), invading the privacy of millions of users.”
Once again, Zoom has promptly reacted to the controversy and removed that feature. But this raises the question: what else is wrong with Zoom that we are missing?
Centralized Services Are Not Safe
So what should Zoom users do now? Go back to clunky Skype? Pay for a Google subscription? Or plaster their webcams and talk in hushed voices around their laptops?
According to meticulous research done by James Lopp, the famous cypherpunk and co-founder of CasaHodl, Zoom is only the tip of the iceberg when it comes to weak privacy policies among centralized services. All the popular video conference services, including Google Meet, Skype and Snapchat, by design have many of the same glaring privacy problems as Zoom.
Unfortunately, this one field has not yet been blessed with a secure decentralized solution. So the best we can do is to pick a service with strong encryption from Mr. Lopp’s list.
This article is a part of our Occupy the Internet series, where we review the current trends in the nascent decentralized web and cover the burning issues of privacy and censorship.