Executive Summary
Remote work in the USA is at its peak during spring of 2020, and so is the use of conferencing software and its accompanying paranoia. In this article, I talk about the recent buzz around Zoom's security flaws and take a realistic look at its imperfections, the reasonable use cases of the software, and the expectations and alternatives we should incorporate and explore.
Why are people talking about Zoom?
During April of this year, several Zoom vulnerabilities have entered the public discourse:
- Apple back-door
- Zoom Bombing
- Enabling your camera without your permission
- Facebook Data Collection
- Video recordings exposed on the web
- Zoom's misleading claims about end-to-end encryption
But what no one asks is WHY Zoom is getting all this press. It turns out that Zoom is being sued by its shareholders for exposing some of its users' data to Facebook's Graph API without users' consent. Now ask me "Chuck, why doesn't that bother you?"
Well, let me ask you: Do you use Hangouts? Do you use Slack? Do you use Discord? Do you use GoToMeeting? How about Chime? Maybe Teams? Something you should know is that all of these platforms are aggregating your data using third parties, or for the use of third parties. For us to clutch our pearls that Zoom is doing this is somewhat churlish, in my opinion. The shareholders' problem wasn't that Zoom aggregated this data; it was that Zoom didn't state it in the privacy policy. Let me ask you: have you ever, in your life, read a privacy policy and made a decision whether to use a product based on that?
Let's be clear: The reason that doesn't bother me is that every platform you use is collecting, monetizing, and sharing your data without your consent. When you use a free platform, your data is the product. Expect it.
But is Zoom safe to use?
The short answer to this question is yes, but how safely are you using it, and for what purpose? I will continue to use Zoom, for the following reasons:
- The company is responsive to vulnerabilities. Since March 30, Zoom has issued patches and apologies in rapid succession. It's obvious the company has taken the lawsuits seriously and is determined to secure its product.
- The bug hunt is on. The publicity around Zoom has created a hot market for exploits, and this, coupled with the company's response, means the future security of this product, for now, looks pretty good.
- Good cyber hygiene is more important than a secure tool. Whatever product you choose, threat actors will attempt to exploit or interfere with it, your data might be leaked to third parties, or your stored files exposed to the public Internet. Your job as a consumer is to understand your tool and use it securely.
- End-to-end encryption isn't a requirement for everybody. Do I prefer E2EE tools? Yes. Do I use non-E2EE tools? Yes. If you do need E2EE for your meetings, then Zoom is not the tool for you.
The Bottom Line
The bottom line is that Zoom could be more secure, as could every single other conferencing application on Earth, including your cell phone. We are hearing about Zoom this month, not because it is any more or less vulnerable than its competitors, but because of a battle about its stock price. In the cyber Universe, forever and always, the tool will only ever be as secure as the person using it.
Meet responsibly.