Zoom, the now-ubiquitous conferencing app, has achieved mass adoption in the past few months. Thanks to the coronavirus quarantine, video conferencing is being used for almost any type of human interaction, from exercise sessions to executive conferences and everything in between, including religious services, public school classes and networking cocktail hours.

The result is that the 10 million daily users who had participated in Zoom meetings at the end of 2019 shot up to 300 million by the end of April 2020, and the term “zooming” has become synonymous with video conferencing. This increased usage has brought additional scrutiny to the platform's security and policies, exposing several problematic privacy issues.

Notoriously, the application doesn’t require a password by default for meetings. Even when a password was required, it could be easily discovered. This was proven when a computer program was released to scan and guess the passwords of dozens of live meetings per hour, enabling a practice called "Zoom-bombing." Zoom-bombing occurs when an uninvited guest accesses a video conference to disrupt the activities of legitimate participants.

Another issue is that Zoom's encryption policy does not include end-to-end encryption and allows Zoom to access audio and video from meetings. In addition, some encryption keys are produced by servers located in China. Since Zoom may have an obligation to share these with Chinese authorities, this could mean that audio and video from private meetings might be decrypted and viewed by a foreign government. The low encryption standard is a particular concern for those working on sensitive projects and recently prompted a group of researchers at the University of Toronto to report that Zoom is "not suited for secrets."

Various other privacy concerns have arisen as well. These include allowing some Zoom hosts access to data about meeting participants mined from LinkedIn Sales Navigator. This data can be obtained without explicitly requesting permission and can include the participants’ real names, employers, job titles and locations. This breach can occur even when a participant’s real name isn’t shared in the meeting. Additionally, the Zoom iPhone app forwarded users' data to Facebook until news reports prompted Zoom to end the data sharing agreement.

To resolve some of these issues, Zoom has updated its services and is requiring an upgrade to its software on computers and mobile phones. By May 30, Zoom users must upgrade their apps to version 5.0 or newer or they won't be able to access the service. The new version includes better encryption (but not end-to-end encryption) plus additional privacy and security controls. Passwords are now required for all meetings and will be more difficult to guess. In addition, "waiting rooms" are enabled by default and screen sharing is restricted to the meeting host and co-hosts. Meeting hosts will be able to remove a participant and prevent them from re-entering the meeting.

Zoom has made video conferencing so convenient that its use is becoming a business and even personal norm. Given the current challenges we’re all facing regarding healthcare and the economy, the likelihood is we’ll all continue to use it for a long time to come. Fortunately, Zoom applications are built to upgrade automatically, but if your Zoom hasn’t yet done so, you can download the upgrade from https://zoom.us/download. Rest assured, the makers of this innovative software will continue to improve their product over time, and we will continue to benefit from the ability to “zoom” online with an increased level of security.

Neal Wankoff
President of Prairie IT Services Corp, Oak Park, IL
Assisting Small and Medium Sized Businesses with Technology