As millions around the world have been confined, voluntarily or otherwise, to their homes, video conferencing platforms are having their heyday now with increased amounts of people using their services to connect with colleagues, friends, and family. Whether for school or for work, many of us are making use of such platforms like Cisco WebEx, Google Hangouts, Skype, GoToMeetings, Microsoft Teams, and Zoom.
Often when it comes to technology, with the wider audience, convenience wins against security. And Zoom, the platform of the hour at the moment, is undergoing a bit of a privacy nightmare as mass interest has attracted deepened scrutiny bringing to surface a host of privacy and security concerns.
Often when it comes to technology, convenience wins against security.
Aside from claims of Zoom’s E2E (end-to-end: where no outsiders, not even the company, would be able to intercept the information being shared) encryption being severely lacking, there are now ‘zoom-bombing’ attacks where hackers can enter chat rooms with just the link or generate a similar one of their own and listen in and disrupt the conversations taking place.
There have been instances where hackers took over a person’s computer, including their microphone and camera, if they had accessed Zoom using a Mac and also where the Windows version contained a bug that could be used to steal Windows passwords. There was also that time when it was discovered that Zoom was sending analytics data on its users accessing through the iOS app to Facebook for advertising purposes – this has since been fixed through an update.
Perhaps one of the most interesting issues was the one where hosts of Zoom calls could monitor the attention span of participants while screen-sharing, as they could track whether the Zoom window was open and in focus or not. If not open for more than 30 seconds, an indicator would appear next the participants whose Zoom windows were ‘inactive’.
There are now ‘zoom-bombing’ attacks.
However, this is not new. Video-conferencing platforms have always been riddled with privacy issues from the early issues with Skype, to Webex’s security concerns to the present-day debacle with Zoom. During this year itself, Cisco Webex attracted attention in early January when it was revealed that unauthorized strangers could access password-protected meetings which was then promptly addressed and fixed. Around the same time, it was also found that Microsoft, in a bid to improve its services, allowed contractors to listen to Skype call recordings with no established security measures in place.
Quite obviously, these are desperate times and remote working/access is the only go to for many people. Finding a Zoom alternative is difficult, especially considering how simple and accessible the platform is.
But does that mean you should stop using Zoom or video-conferencing platforms in general?
No, while these are grave concerns, the rise in privacy concerns for Zoom right now is primarily due to its increased popularity. And it is a good thing that there is an increased spotlight on these concerns as the pressure could help to fix some of these and keep user data even safer.
So, unless you are sharing state secrets or KFC’s signature recipe, there are a number of measures you can take to make sure you are in a better position when video chatting.
Zoom Specific Measures
- Password Protect Everything: You have probably seen Zoom calls now asking for passwords when joining, part of a host of measures taken by the company to ramp up security.
- Lock Meetings: Zoom now allows administrators to lock meetings, found in the “Manage Participants” tab.
- Don’t Share Meeting ID’s: Zoom has now stopped the meeting ID from being displayed during a call, but still, please stop sharing your meeting ID’s on social media – you’re making it harder than it should be, really.
- Enable Waiting Room feature: This is a great feature to make sure that the hosts control who gets to enter the meeting and who does not.
- Host Capabilities: Make sure screen-sharing is allowed only for Hosts and disable the ‘Join Before Host’ feature.
- Don’t Use Facebook Sign In: It’s 2020, and I can’t believe I have to say this, this is a really, really (and I cannot stress this enough), really poor way to sign in to any platform.
- Ensure That the Software is Routinely Updated: Security updates are key in making sure that you don’t miss out on any fixes they may have made for the highlighted issues.
- Turn off Default Video Sharing: Make sure that your video is not turned on by default every time you join a call.
- Avoid File-Sharing: You do not want to be at the end of malicious content, so whenever you host or attend a meeting, make sure to avoid sharing files unless necessary. And if required, try to use a secure service such as DropBox.
And if you’re still concerned, there are still plenty of more secure alternatives. For companies, there are many big names, but also Jitsi which encourages anonymity on behalf of its users. For personal uses, FaceTime and Signal are viable options, while Houseparty (no, it’s not hacking into your other accounts) could work for group calls. These are just suggestions, at the end of the day, regardless of what you use, the best advice is to always maintain a healthy amount of scepticism for any ‘free’ service you use online.
Stay inside and stay safe – both offline and online.