Zoom and Doom
Zoom’s widespread use has led to questions about the app’s security.
—With a majority of the world in quarantine as a response to the outbreak of COVID-19, life has largely shifted to become more virtual with the use of conference calls and online meetings. Several applications are available, but none have skyrocketed in popularity more than Zoom.us. In just four months, Zoom’s clientele has grown more than it did in the entirety of 2019, with an estimated 2.22 million new users. It’s growth, however, has raised questions about its security and handling of private user data. Zoom offers an invaluable service in the midst of an unprecedented pandemic, but its security flaws are inexcusable and dangerous.
In March, a class-action lawsuit was filed against Zoom for collecting data off user devices and sending it to Facebook. The lawsuit came after a report found that Zoom’s iOS app sent analytics to Facebook regardless of whether or not the user had a Facebook account—a not entirely uncommon practice, but one Zoom neglected to tell users about in its privacy policy. Additionally, research suggests that Zoom sends encryption keys to servers in Beijing, China, whether or not the calls were based in China. Users have also complained about Zoom’s lack of disclosures about what it records and what hosts can see, with an outcry centered around the realization that hosts can later view private messages sent between meeting attendees.
Just a by the by: “private” messages sent to individual people during a Zoom meeting show up in the end-of-meeting transcript along with all other public messages.
Tell your friends, save a life.
— Christian Moriarty (@MoriartyCR) April 3, 2020
Zoom has also faced scrutiny in the face of a new phenomenon called “zoombombing,” in which people join random Zoom meetings and derail the sessions through broadcasting graphic content or filling the chats with hate speech. Notably, a virtual synagogue was targeted with anti-semitic language, pornography was broadcasted at a Zoom session for Concordia Forum and a virtual meeting for Alcoholics Anonymous was shown gifs of drinking. Forums on Reddit, Instagram, and Twitter were used to plan and promote zoom raids after either figuring out a meeting ID and password or being provided a link. The concern over the threat of Zoombombing has prompted an FBI warning, Democratic lawmakers to call for an investigation into Zoom and a total ban of use in Taiwan and New York City.
#FBI warns of Teleconferencing and Online Classroom Hijacking during #COVID19 pandemic. Find out how to report and protect against teleconference hijacking threats here: https://t.co/jmMxyZZqMv pic.twitter.com/Y3h9bVZG30
— FBI Boston (@FBIBoston) March 30, 2020
Zoom has since created a virtual waiting room that allows hosts to moderate who joins, but for large groups such as virtual religious services, this solution is unhelpful. In a blog post, Zoom CEO Eric Yuan stated that its security flaws were a consequence of being unprepared for such widespread use, but the fact remains that these issues should have never existed in the first place.
Despite its popularity, Zoom is not the only option for hosting virtual meetings—and, based on its concerning issues, it shouldn’t be. For now, with backlash forcing Zoom to improve its security, it’s on track to become a safe choice, but until then, there are many alternatives that provide a more secure and safe experience