Zoom: with popularity comes scrutiny

Zoom is finding out that with greater usage comes greater scrutiny.

For those few who have not been in confinement recently because of Covid-19, Zoom is a video conferencing provider. During the pandemic, the number of daily users exploded, from 10 million in December 2019 to an impressive 300 million by April 2020.

In November, the U.S. Federal Trade Commission (FTC) announced a settlement with the company, requiring it “to implement a robust information security program to settle allegations that the video conferencing provider engaged in a series of deceptive and unfair practices that undermined the security of its users.”

The FTC had three main issues with the company, namely:

Zoom Lied A Lot

The FTC stated that Zoom lied for years about the end-to-end encryption of its video conferencing services.

The company was supposed to offer 256-bit encryption that would prevent even Zoom itself from accessing meetings. Instead, Zoom provided only a low level of encryption and could access customers’ meetings using a “cryptographic key”. It partially fixed the issue in October by providing end-to-end encryption to most users (though at the cost of important features, and you have to enable it manually on a per-meeting basis…).

…and to Mac

In 2018, Zoom secretly installed a web server on the Macs of users who downloaded its software. This web server would reinstall the Zoom application even if you had deleted it. Worse, it would also let websites spy on these Macs’ users. Zoom issued an update in July 2019 to remove the web server from every Mac.

…and to You

Lastly, Zoom misled customers when it promised to store meetings immediately in encrypted form, which was not always the case. Meetings were sometimes left unencrypted for up to 60 days before being moved to its secure cloud storage.

As a settlement, “Zoom has agreed to a requirement to establish and implement a comprehensive security program, a prohibition on privacy and security misrepresentations, and other detailed and specific relief to protect its user base”. They also agreed on security monitoring. But there will not be any compensation for affected users, even if they are paying customers.

Should we blindly trust every company and the software that they provide, often for “free”?

Zoom was caught this time under scrutiny. And it may not be the last.

Further Reading:

Virtual Job Interviews: How to Prepare and Succeed by Addison Holmes

Arun Karunakaran

Being an IT Engineer in various industries for more than 8 years, I have worked in most of the infrastructure's fields: networks, systems, telecommunications and security. I have also recently leaned towards IT team and project management.
