Between the millions working from home and people simply trying to stay more connected with their friends and family, video conferencing tools have never been more widely used. One of the most popular of these tools right now is Zoom. People are flocking to the video conferencing app in huge numbers… but there’s a contingent that justifiably questions both Zoom’s security and privacy policies. That’s why, in this article, we’ll be looking into the question, “is Zoom safe?”
The short answer is, that, as with many online services, we’re asked to make some privacy trade-offs in order to gain access. We can’t say whether the trade-off is reasonable or not, but we can offer some insight into some of those privacy concerns.
Zoom is a cloud-based service that enables you to virtually meet with your friends, family and colleagues through video or audio-only calls. The tool also enables you to simultaneously share your screen, engage in live messaging chats and record meetings as you see fit.
The basic version of the software is free, and enables you to host unlimited one-on-one meetings and host video conferences of up to 100 people, for up to 40 minutes. Beyond this, there are a series of tiered plans which are tailored according to the size of your team or business.
For starters, Zoom has faced some scrutiny for the amount of power that its software grants the person hosting the call. For example, while screen-sharing, the host of a Zoom call can check in on whether participants have the Zoom window open. But as long as you’re paying attention, that’s no big deal right?
Well, what’s more troubling is the information and abilities that Zoom gives to administrators. If any user within an organization records a call on Zoom, their admins automatically have access to the contents of that recording. They are also able to join any call at any time, within their organization’s iteration of Zoom, without any warning or consent.
Additionally, Zoom allows administrators to view the operating system, IP address, location data and even device information for each participant. This is something that many view as a fairly fundamental privacy breach.
In the past, hackers have been able to expose some flaws in Zoom’s security systems. These included instances where attackers were able to turn on someone’s webcam without their knowledge, remove attendees from meetings, and fake messages from users.
More recently, there have been reports of a vulnerability that allows malicious actors to steal Windows login credentials from other users.
Finally, there’s the question of encryption.
It turns out that Zoom doesn’t support end-to-end encryption on their audio and video content, at least in the commonly understood meaning of the phrase. Instead, they rely upon something known as “transport encryption.”
Without end-to-end encryption, Zoom has the technical ability to access private video meetings and could be forced to hand over recordings of calls to law enforcement if they were legally requested. In short, your private and personal Zoom calls could very quickly become a lot less private.
Zoom released a blog post accepting that there had been certain failings on their part to ensure the security and privacy of their users. They went on to say that they were taking these failings seriously and intend to dedicate significant resources in order to resolve these issues.
Their plans include shifting all their engineering resources to focus on their largest trust, safety and privacy issues, conducting a review alongside third-party experts and enhancing their bug bounty problem.
Despite these security concerns being fairly widely reported, people are continuing to use the tool in their millions. But should you be one of them?
Ultimately, that’s your call.
Zoom has had a pretty suspect history with security. They do, however, claim to have rectified most of the issues mentioned above that relate to external foul play.
Their data privacy issues are another matter.
The lack of end-to-end encryption is obviously the biggest concern, but the amount of power Zoom gives its administrators will also be a worry for many people.
We strongly recommend that you think carefully about what personal information you are willing to share, and with whom, before you download Zoom and hop on a video call. That said, it does sound as though the Zoom team is taking these issues seriously and will continue to work on resolving its shortcomings as the platform grows.
If you decide that you aren’t willing to make the privacy sacrifices that Zoom demands, then fear not! There are plenty of alternatives out there like Google Hangouts, Skype, Facetime and Discord.
If you are concerned about privacy, make sure you do your research carefully before picking a service. Many of Zoom’s competitors have faced similar scrutiny over the years.
If you do end up using Zoom, just keep in mind that due to the ambiguity of their privacy policy, there’s technically a chance that you could be speaking to someone other than the person on the other end of your call. So maybe save planning your next bank heist for a face to face conversation?
Do you use Zoom? Let us know in the comments below!