Every cloud has a silver lining, it is said... well, that being the case, it's certainly proving true for the video conferencing software company Zoom during these days of social isolation and working from home.
However, as serious concerns have been raised about a multitude of issues with the app, and particularly its data handling, it does appear that the worm may have started to turn!
Started in 2011 by Eric Yuan, who emigrated from the PRC to the USA when 27, Zoom has grown into a forerunner in the vid-conferencing field and proven to be a keen competitor to the likes of Microsoft Teams and Skype.
And although Zoom has become a much better known service since the world went into lockdown, it has, in fact, seen its star rising for many years. When it debuted on the stock market last year, it was valued at $15bn and that had risen to as much as $38.5bn before the virus hit the markets.
However, amidst all of this supposedly good news for the company there has been an increasing slew of bad PR generated in some part inadvertently. For instance, when the First Minister of England was diagnosed as positive for Covid-19, he took to Zoom as a means to continue to conduct Cabinet business. Needless to say there was uproar from the cyber-security community into which even the UK's MoD (Ministry of Defense) were drawn. This in turn led the BBC to investigate the claims and the whole thing blew up spectacularly online and in public.
Zoom has had many security issues in the past. These have included a flaw that allowed the removal of attendees from meetings without their knowledge or permission, spoof messages from users, the hijacking of shared screens, and Mac users being forced into calls without their knowledge and having their webcams turned on without their permission.
It even made an unwanted appearance on the recently added segment on Chris Cuomo’s CNN show entitled ‘Ameri-cans and Ameri-cants’, where he highlights the good and the less good things happening presently in the USA. Zoom were called out for a flaw in their operating set-up (as opposed to a code or hack issue) that allowed 3rd parties to inject unsolicited content into Zoom broadcasts.
Many have felt for a while that the company has demonstrated a somewhat blasé attitude towards security.
"Zoom has had a chequered history, security-wise, with a number of instances where one has had to question whether it really gets it when it comes to users' privacy and security"
So stated cyber-consultant Graham Cluley recently.
Even if you don’t have an account with Zoom, but use their service, they will still collect and keep data on you like your device type and IP address.
The company collects information from your Facebook profile (if you use Facebook to sign into it) and any “information you upload, provide, or create while using the service.”
Some of the data you provide yourself when you sign up (for example, to join a call you must give your email), but much is collected automatically by the Zoom app.
The Zoom iOS app has been sharing a significant amount of your data with Facebook (even if the user doesn’t have a Facebook account). This includes your device’s unique advertiser identifier. Companies and online trackers use this piece of information to target you with ads. And this is all part of Zoom's cozy arrangement with so-called adtech!
So what do they need to fix?
Here’s the thing: Zoom doesn’t need to be in the advertising business, least of all in the part of it that lives like a vampire off the blood of human data. If Zoom needs more money, it should charge more for its services, or give less away for free. Zoom has an extremely valuable service, which it performs very well—better than anybody else, apparently. It also has a platform with lots of apps with just as absolute an interest in privacy. They should be concerned as well. (Unless, of course, they also want to be in the privacy-violating end of the advertising business.)
So stated Dr Serle on his weblog dated March 27th 2020.
What they are doing about it
Company CEO Eric Yuan has stepped up to the plate, not only mounting a bold defense of his company's security protocols (mainly by citing all the other large corporations and national security agencies that use his service... however, we'll look at that another time) but also setting about deactivating the Facebook data sharing.
So we say, it's a good start, well done, now can you sort all the other stuff whilst you're on a roll?
It is only right that we suggest an alternative system for your use, so how about good old FaceTime, or Nextcloud (more on this app in the Privacy Cookbook this coming Friday) or any of the following privacy-focused messengers: Discord, Riot or Signal... all have a vid-conf feature.