The Covid-19 pandemic has sent Zoom’s popularity skyrocketing. But there are growing concerns about its security. Is it safe?
The fundamental security problem with Zoom happens to be its greatest strength: convenience. Zoom is designed to be extremely convenient. You don’t need an account to use it. Just click on a link and it launches, whether on a mobile device or a computer. Meeting hosts don’t need to get people to sign up for accounts or add them manually to meetings. Best of all, Zoom just works, from small intimate meetings to large conferences.
Unfortunately, convenience is also Zoom’s Achilles’ heel.
There is always a trade-off between convenience and privacy/security. Systems that are extremely convenient are most likely to be insecure. Systems that are extremely secure are most likely to be a pain in the butt to use.
So, what do you need to bear in mind when using Zoom?
Preventing Zoom-Bombing or Gate Crashing
First, it is very easy to gate-crash a Zoom meeting. Anybody with the meeting ID or the meeting link can join your Zoom meeting. You can make it harder for gate-crashers by setting up a meeting password. But the next problem is, how do you ensure that the password is not leaked? Furthermore, is your password too easy to guess?
Next, ensure that “screen sharing” is set to “Host Only.” I’ve joined a Zoom meeting where I accidentally shared a photo with every attendee. A troll can do the same. This is called “Zoom-bombing”. Setting “screen sharing” to “Host Only” will prevent it from happening.
Also, use the “waiting room” feature. It prevents new attendees from joining the call until the meeting host approves. This may be practical for small meetings, but for large conferences, it will be difficult to identify and let in every legitimate attendee.
Everything is On-The-Record
In face-to-face conversations, there is a reasonable expectation that whatever you say is off the record.
You can’t assume the same for Zoom. Zoom meetings can be recorded. All the chat messages you type can be recorded.
So, if you do not want anything you say or type to appear months later on social media, don’t say (or type) it.
So far, a perfectly water-tight end-to-end encrypted multi-user web-conferencing product does not exist.
When I say “end-to-end encrypted”, I mean an encryption system that is so water-tight that there is absolutely no technical way for even the product provider to eavesdrop on the conversation.
End-to-end encrypted solutions for messaging and one-to-one audio/video conversations exist (my book will show you which ones). But not for multi-user video web-conferencing.
Having said that, most web-conferencing solutions have some level of encryption to keep your conversations private. Even Zoom does (although security researchers have uncovered some encryption issues with it). But none of them are truly end-to-end encrypted in the purists’ sense. The closest to a truly end-to-end encrypted solution is Apple’s FaceTime.
So, if you need to discuss corporate secrets, don’t use Zoom. If you want to discuss state secrets and your life depends on your conversations being absolutely private, don’t use any web-conferencing system (unless you are the POTUS and have the resources of the NSA to help you).
But if you need to chat with your grandma or discuss boring, not-so-secret business stuff, go ahead and use Zoom.
Software Security Flaws
There are news reports of security holes in Zoom.
The truth is, all software has security holes. Zoom, due to its sudden popularity, now receives a lot more scrutiny. So, security researchers and hackers are now busy poking around Zoom. Therefore, you will see more reports of security flaws in the days to come.
For now, there are not yet any security flaws so critical that you should stop using Zoom immediately. If one is uncovered, you will hear from me.
What you need to do: keep your Zoom app and web browsers updated, because security problems will be uncovered.
Is Zoom in bed with Facebook?
There are news reports that Zoom had passed on some information about its users to Facebook. While there are no clear and specific details on what that information is, one thing is clear.
Zoom was caught.
Therefore, they will stop doing it.