
Everyone is mad at Zoom. Here's why.

Apr 08, 2020


Zoom's incredible rise reveals the damning truth about the video platform. In this article, we will look at the explosive growth of the platform during the COVID-19 pandemic and the privacy issues that it revealed.

It's December 2019, 6 years after Zoom first launched as a video conferencing tool. After going public just a few months prior, the company is now worth over $9b. Around 10 million people use it for meetings every day. As COVID-19 begins to spread and the global workforce starts switching to a work-from-home model, Zoom becomes the go-to platform for thousands of companies and public institutions. Zoom's user base explodes. The platform with 10 million users in December now has over 200 million active users.

But the dream quickly turns into a nightmare as cybersecurity experts and the media start pointing fingers at Zoom's vulnerabilities. What was the issue? A bit of everything, really: data collection, inadequate security measures, and concerning features that let hosts monitor the activity of attendees. In other words, Zoom was not good enough. Other things were out of Zoom's control, like kids inviting anyone to raid their class as a prank. But it all started with encryption.

Zoom's end-to-end encryption

Zoom advertised itself as a secure video conferencing tool, allowing hosts to secure their meetings with end-to-end encryption. What does that mean? It means that the data is secured from user to user, from end-point to end-point.

In NordLocker, when you secure your files and share them with someone else, only you and the recipient can access the content. No one else can ever know what's inside unless you share it with them.

But this is not how Zoom is encrypted. Despite advertising end-to-end capabilities in its white paper, app, and website, Zoom did not offer this level of security. Meetings are encrypted between the host and the participants, but Zoom can still access the video and audio of every session. That's not only misleading, it's dangerous, because, as we'll learn next, Zoom collected and shared its customers' data with third parties and put its clients at risk.

Note: At the time of writing, Zoom has removed the false claims from their white paper. The only instance of E2E encryption that Zoom offers is chat message encryption.
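The difference between the two designs can be shown in code. This is an added example, not Zoom's or NordLocker's code: a simplified model using Node.js's built-in crypto module, with hypothetical function names and a constructed frame, contrasting a meeting key issued by the service with a key agreed between the participants.

```javascript
const crypto = require('crypto');

// AES-256-GCM: encrypt one media frame under a 32-byte key.
function seal(key, frame) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(frame), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null if the key is wrong (GCM tag check fails).
function open(key, { iv, ct, tag }) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]);
  } catch { return null; }
}

// The relay tries every 32-byte value it has handled as a decryption key.
function relayCanRead(seenByRelay, packet) {
  return seenByRelay.some((k) => open(k, packet) !== null);
}

// Model A: the service creates the meeting key and hands it to participants.
function serviceKeyedMeeting(frame) {
  const meetingKey = crypto.randomBytes(32); // generated on the server
  const packet = seal(meetingKey, frame);    // host encrypts with it
  const guestGot = open(meetingKey, packet); // guest decrypts with it
  return { guestGot, relayReads: relayCanRead([meetingKey], packet) };
}

// Model B: host and guest agree on a key via X25519; the relay only forwards
// public keys and ciphertext. (Real systems must also authenticate the public
// keys, or the relay could substitute its own.)
function endToEndMeeting(frame) {
  const host = crypto.generateKeyPairSync('x25519');
  const guest = crypto.generateKeyPairSync('x25519');
  const derive = (priv, pub) => Buffer.from(crypto.hkdfSync('sha256',
    crypto.diffieHellman({ privateKey: priv, publicKey: pub }),
    Buffer.alloc(0), 'constructed-meeting-media', 32));
  const raw = (pub) => pub.export({ type: 'spki', format: 'der' }).subarray(-32);
  const packet = seal(derive(host.privateKey, guest.publicKey), frame);
  const guestGot = open(derive(guest.privateKey, host.publicKey), packet);
  const seenByRelay = [raw(host.publicKey), raw(guest.publicKey)];
  return { guestGot, relayReads: relayCanRead(seenByRelay, packet) };
}
```

In both models the guest recovers the frame; only in the first does the relay hold anything that decrypts it.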

Weak security

There are two issues here. Due to poor meeting security, almost anyone could enter a meeting. So you had meeting participants, mostly kids and teenagers, inviting anyone to Zoom-bomb their video sessions. Reddit, Twitter, and Discord were littered with such invites to disrupt online classes and meetings. Some raiders streamed pornographic content; others used racial slurs and other inappropriate language.

But you also had hackers exploiting Zoom's vulnerabilities and stealing participants' personal information like names, passwords, emails, workplaces, and more.

Collecting user data

The first piece of news regarding Zoom's data sharing came from Joe Cox at Vice Motherboard. After doing some poking, he revealed that Zoom's iOS app secretly shared device data with Facebook, even if the user didn't have a Facebook account. Later reports showed that Zoom also shared user emails and usernames with LinkedIn.

Thousands of videos exposed

A recent article in the Washington Post reports that thousands of Zoom videos were exposed on the open web. The material includes deeply private meetings like therapy sessions, coaching calls, elementary school classes, and more. Some of these videos were even posted on YouTube. Zoom allows recording videos, but the host can choose where to store the data. It's worth noting that videos recorded and stored on Zoom's servers have not been affected.

But the video platform is not without blame. The reason why so many videos have been found comes down to the identical naming patterns that Zoom uses.

If you want to keep your recordings safe online, encryption is your best bet. Tools like NordLocker prevent anyone from snooping on your videos. As you control the access to files and folders, you know that no one without your permission will see your data, even if you store it on the cloud.

What's next for Zoom?

After all the backlash, Zoom posted an open letter explaining what went wrong. The company's CEO, Eric S. Yuan, emphasized the unexpected growth but thanked everyone who helped find various vulnerabilities. The letter also outlines the steps that Zoom has taken to strengthen its security.

It's a step forward. However, it's probably not the end of bad press for Zoom. Tesla was the first big-name brand to forbid its employees from using Zoom, while Google was the latest. Schools around the United States are also moving away from Zoom.

As if that weren’t enough for E. Yuan, CNBC reported that three states — Connecticut, New York, and Florida — are launching investigations into Zoom. In a likely scenario, Zoom investigations may also reach an international level as the platform was a favorite for celebrities and politicians all over the world.

Should you use Zoom?

Ultimately, Zoom deserves praise for decisive action. They fixed most issues within days after receiving criticism. But is it good enough? It's safe to say that for many of its users, it is. Zoom is easy to use, free for meetings of up to 40 minutes, and offers handy features like custom backgrounds.

But if you're one of those users who will remain on the platform, make sure to secure your meetings with strong passwords, lock them to prevent unwanted guests, and use NordLocker to store and share sensitive information.


John Sears


John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.