With the social distancing recommendations to combat the covid-19 pandemic, many people are being responsible by staying home and meeting online.
This has lead to rapid growth in videoconferencing services like Zoom whose daily subscribers have increased from 10 million in December to over 200 million in just 3 monthes. Zoom is a videoconference market leader in affordable and easy to use videoconferencing and quite recently were considered an attractive choice when compared to other videoconferencing service providers. However, they are getting even more scrutiny of their terrible track record of many security and privacy issues.
Examples of the serious security and privacy issues are: .
– Zoombombing where crackers have guessed meeting ids or used tools to join meetings they were not invited too.
– Zoom providing subscriber and guest information to Facebook even for people who don’t have Facebook accounts.
– Zoom making claims of having end-to-end encryption and privacy protection which are not true.
– Concerns about Zoom servers and employees in China (accessible and influenced by the chinese government) being used even for meetings in other parts of the world
Resources for more information:.
– Bruce Schneier has provided a concise summary.
1. Bad privacy practices.
2. Bad security practices.
3. Bad user configurations.
– John Gruber of Daring Fireball has heavily criticized Zoom management’s security and privacy incompetence and deception.
– Glenn Fleischmann on TidBits has a comprehensive detailed review of the many Zoom security and privacy issues.
Zoom has recognized the public relations disaster regarding their security and privacy and has announced that their engineering team has stopped all new feature development so they can focus on security and privacy fixes. Zoom has also promised transparency and truthfulness going forward on their planned security and privacy improvements. They are still making mistakes in their latest press releases about their plans and clearly have a learning curve to develop expertise in security and privacy.
It is not recommended to use Zoom for any meetings where there is an expectation or requirement for security and privacy.
Zoom meetings should be considered only slightly more secure than having public access and disclosure of your online meeting.
Alternatives to consider:.
– Webinarjam which uses desktop browsers but can host large webinars (e.g. 500+) and also has better marketing features.
– Demio supports mobile devices and is also suitable for larger webinars. It is recommended by Steve Dotto.
– Jitsi is a free service that could work for smaller meetings and is recommended by Bruce Schneier.
Check back for updates because information on this topic is rapidly changing .