With remote work in the USA at its peak during spring of 2020, so are the use of conferencing software and the paranoia that accompanies it. In this article, I talk about the recent buzz around Zoom's security flaws and take a realistic look at its imperfections, the reasonable use cases of the software, and the expectations and alternatives we should incorporate and explore.
Why are people talking about Zoom?
During April of this year, several vulnerabilities have come into the public discourse about Zoom:
- Apple back-door
- Zoom Bombing
- Enabling your camera without your permission
- Facebook data collection
- Video recordings exposed on the web
- Zoom's misleading claims about end-to-end encryption
But what no one asks is WHY Zoom is getting all this press. It turns out that Zoom is being sued by its shareholders for exposing some of its users' data to Facebook's Graph API without users' consent. Now ask me, "Chuck, why doesn't that bother you?"
Let's be clear: the reason that doesn't bother me is that every platform you use is collecting, monetizing, and sharing your data without your consent. When you use a free platform, your data is the product. Expect it.
But is Zoom safe to use?
The short answer to this question is yes, but how safely are you using it, and for what purpose? I will continue to use Zoom, for the following reasons:
- The company is responsive to vulnerabilities. Since March 30, Zoom has issued patches and apologies in rapid succession. It's obvious the company has taken the lawsuits seriously and is determined to secure its product.
- The bug hunt is on. The publicity around Zoom has created a hot market for exploits, and this, coupled with the company's response, means the future security of this product, for now, looks pretty good.
- Good cyber hygiene is more important than a secure tool. Whatever product you choose, threat actors will attempt to exploit or interfere with it, your data might be leaked to third parties, or your stored files might be exposed to the public Internet. Your job as a consumer is to understand your tool and use it securely.
- End-to-end encryption isn't a requirement for everybody. Do I prefer E2EE tools? Yes. Do I use non-E2EE tools? Yes. If you do need E2EE for your meetings, then Zoom is not the tool for you.
The Bottom Line
The bottom line is that Zoom could be more secure, as could every single other conferencing application on Earth, including your cell phone. We are hearing about Zoom this month not because it is any more or less vulnerable than its competitors, but because of a battle over its stock price. In the cyber universe, forever and always, the tool will only ever be as secure as the person using it.