While many people work from home during the Covid-19 crisis, the Zoom video conferencing app is booming. According to figures released at the end of February, Zoom has gained more than 2 million users to its app so far in 2020, more than in the whole of 2019. But Zoom users now have reason to worry about the privacy and security of the app.
In some circumstances, it turns out that several people in your meeting might read your private messages. One Twitter user wrote: “If you organize a meeting via Zoom and use the chat function to write to someone in private, your colleagues may not see it in real time. But it will appear when the chat is downloaded and placed in the minutes folder.”
When Zoom was asked if Twitter’s assertion was true, a spokesperson explained, “If a host chooses to record a Zoom on the Cloud meeting, only cats sent publicly (to all meeting participants) are backed up.”
However: “If a host chooses to record a Zoom meeting locally, the publicly sent chats, as well as any private chat exchange that the host who chose to record the meeting participated in during the session, are backed up.” If you’re a host on Zoom, it’s worth checking before allowing others to access the folder.
Privacy and security: a bad week for Zoom!
While waiting to see the outcome of the lawsuit, Zoom is the subject of a class action lawsuit after it emerged that the company was sharing data with Facebook, Vice News reported.
Zoom’s “misleading” claims about end-to-end encryption
Another problem with Zoom is its assertions that the videoconferencing application is encrypted end-to-end, in other words, no one, even Zoom, can read your discussions. But according to a report by the online news site, The Intercept, which calls the claims “misleading,” Zoom “uses its own definition of the term, which allows it to access unencrypted videos and audio files at meetings.”
This is despite the fact that Zoom claims on its website that audio-connected meetings are encrypted end-to-end. Instead, the company offers transport encryption, or TLS, which is the same technology used by web servers to secure HTTPS websites.
This means that the connection between your app and Zoom’s server is encrypted, but Zoom could, if it wanted, access the data. The app stressed that it does not directly access user data, exploit it or sell it. And it is quite possible that the company’s policy simply confused the two types of encryption. However, as such, this assertion about confidentiality and security is misleading.
Zoom’s problems never ends
It seems that there is no end to Zoom’s problems, and it is certainly difficult to trust the fast-growing video conferencing application. But these problems also underscore the importance of researching when using a new app or service. There is a reason why these tools are free.
“As video calls multiply, we really need to move away from this new normal and look at privacy issues related to free apps,” says Jake Moore, cybersecurity specialist at ESET. “We need to remember that the app is free and that a lot of information is shared without our knowledge, which is actually the price to pay for using the platform.”
The Zoom app is so functional and difficult to match, at least from a commercial point of view and for discussions of large groups. The Houseparty app is also gaining popularity, and stories about a possible hack have been discredited. Then you should try for private messages. Just make sure to lock the tool first with settings such as “private mode.”
Moore advises people to use privacy-focused platforms, such as Signal, for encrypted messages and calls.
The Signal tool is probably the best choice, and FaceTime is a good tool if you have an Apple device. You can also try a new open source app called Jitsi, which is easy to use and fairly secure, at least for video calls.