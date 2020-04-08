Since many of us started working from home on the coronavirus pandemic, I have been invited to countless meetings taking place in Zoom, the video conferencing application. Virtual happy hours, business meetings, dinners, whatever.
I haven't introduced myself, and it's not just because my hair has grown embarrassingly long. It is because I have a fundamental problem with Zoom.
Let me first say that I understand why Zoom has been so popular in the pandemic. The company designed its application to be free and extremely easy to use; In technological jargon, we call it "frictionless." Even our friends and family with zero technical knowledge can join a Zoom meeting by simply clicking on a link. So, voilà, you are looking at a screen with familiar faces and you can start chatting.
At least 200 million of us, desperate to see people outside our homes, now use Zoom, compared to 10 million a few months ago. Many of us use it for free, although Zoom also has a paid product. For many of us, it is a lifesaver to see and chat with a friend or relative.
But for the past year, I have been cautious with the app. Zoom has had multiple privacy issues in that period, which have arisen so frequently that they became a Whac-a-Mole game.
The missteps included a weakness that would have allowed the malware to connect to Zoom and hijack our webcams. Problems with basic security practices culminated in "Zoombombing," in which trolls blocked people's video meetings and bombarded them with inappropriate material such as pornography.
In a blog post last week, Zoom CEO Eric Yuan apologized for all the mistakes, saying the recent issues had been largely addressed. The company promised to focus on solving its privacy and security problems in the coming months; He reiterated the plan on Wednesday.
If there is something déjà vu about all this, you are not mistaken. This is because we find ourselves dealing with the same situation over and over again, focusing on the convenience of easy-to-use technology products on topics such as data security and privacy.
We recently went through this with Ring, the doorbell camera, another product with a striking name. Ring, owned by Amazon, became popular during another horrible situation: a spike in package theft misdemeanor. It was also easy to install. But despite enthusiastic customer criticism, Ring was embroiled in privacy scandals, including one that involved hackers who hijacked Ring cameras from various families.
The lesson is one that we must learn and relearn. When a company does not protect our privacy, we should not continue to use their product, and tell the people we care about to use it, just because it works well and is easy to use. Once we lose our privacy, we rarely get it back again.
"There is a revolving door," said Matthew Guariglia, a policy analyst with the Electronic Frontier Foundation, a digital rights nonprofit. "When you hand over your data to a company, you have no idea who else will have access to it, because much of this happens behind the black box of company secrecy."
Certainly the responsibility lies with Zoom, not us, to fix your application's privacy and security issues. But we can put pressure on Zoom by not accepting the situation. If you use Zoom, do it with caution and with a solid security configuration. More on this later.
Zoom privacy and security issues
Let's first take a closer look at why Zoom has been under the microscope. The problems come down to two main things: your privacy policy and your security architecture.
Zoom privacy policy
Zoom recently announced that it had revised its privacy policy to make it clearer and more transparent. In it, the company emphasized that it does not sell and has never sold people's personal data, and has no plans to do so.
But the policy doesn't address whether Zoom shares data with third parties, as companies like Apple and Cisco explicitly state in their privacy policies.
This is a notable omission. Technology companies can monetize user data in many ways without selling it directly, including by sharing it with other companies that mine the information for information, according to research published by the M.I.T. Sloan School of Management. In some cases, tools to collect user data are "rented,quot; to third parties. Such practices would technically make it a reality that your personal data was not "sold,quot;, but a company would still make money from your data.
Lynn Haaland, global compliance and risk officer for Zoom, said the company does not anonymize or aggregate user data or rent it for money.
So why is this not addressed in the privacy policy?
"We try to be clear here about what we do with the data," Ms. Haaland said of the updated policy. "Sometimes when you try to list all the things you don't do with the data, if you leave one, people say, 'Oh well, you must be doing that.'"
Zoom security flaws
While Zoom has worked hard to plug the security holes that have emerged in recent weeks, its products for Windows and Mac computers have weaker security by design.
This is mainly because the company chose not to provide their app through Apple's official Mac app store or Microsoft Windows app store. Instead, consumers download it directly from the web. In this way, the Zoom software avoids living in an environment called sandboxed, which would have restricted its access to the Apple and Microsoft operating systems.
As a result, Zoom can gain access to deeper parts of operating systems and their web browsers. That is largely what makes Zoom sessions so easy to bring together.
By choosing to bypass safer methods to install its application, Zoom has opted for a weaker security architecture, said Sinan Eren, CEO of Fyde, an application security firm.
"They want to make the installation process much easier and streamlined, but at the same time they want deeper hooks in the operating system so that they can collect more things," he said. "That also exposes us to possible vulnerabilities."
Zoom declined to comment on its security architecture.
Use Zoom at your own risk
So what needs to be done? In these tough times, many of us have no better option than to use Zoom. Here are some steps to keep in mind.
-
Use Zoom with caution. In general, it is safer to use Zoom on a mobile device, such as an iPad or Android phone, than on a Mac or Windows PC. Mobile applications operate in a more restricted environment with limited access to your data. Additionally, applications served through the App Store or Play store undergo a review process by Apple and Google that includes an inspection for security vulnerabilities.
Also, be sure to turn on Extend security settings, such as meeting passwords, to prevent unwanted guests from zooming in on your sessions.
Last but not least, keep in mind what it means to tell others to use a product with little data security. Try to avoid using it for sensitive matters, such as business meetings that discuss business secrets.
-
If you are concerned about privacy, try an alternative. There are video chat tools from companies with better reputations, such as Google Hangouts, Cisco Webex and FaceTime for Apple devices. These products may not be as easy to use as Zoom, but they work and you can worry less.
Just because a product is great is simply not good enough if it is lousy to protect our privacy. It seems that many people have already learned this lesson and reacted accordingly. Elon Musk's rocket company, SpaceX, prohibited employees from using Zoom. The New York City school district recently banned Zoom for online learning.
And we? It may also be our turn to pause.