Zoom is possibly the most widely used program at the moment, with many companies around the world switching to the video-sharing app to run their meetings and drive a lot of their business conversations. This sudden reliance on the tool, though, has brought to light a few issues around Zoom that suggest it might not have been ready for the responsibility and trust that have been thrust upon it.
Firstly, earlier this week we received news that a recent patch was used to fix a problem with the iOS app sending unsolicited data directly to Facebook. A new report from Vice suggests that the problem runs a lot deeper than initially believed, with the company actually leaking some personal details like email addresses, which is not what everyone was initially led to believe.
While the iOS app did leak certain details, there is also a problem with the company’s use of an active directory setting, which groups people within the same domain together. While this works well for ensuring that everyone belonging to the same company is grouped together, Zoom also grouped together people who accessed meetings using their personal accounts, because their shared domain fooled Zoom into thinking that they belonged to the same company. The shared domain was merely that of their ISP, with the investigation identifying the following Dutch domains in particular as having this issue: xs4all.nl, dds.nl, and quicknet.nl. The company claims it has since rectified the issue, but it does indicate that Zoom has some difficulties when other companies are not managing the active directories themselves.
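The grouping failure described above, sketched as an added illustration (this is not Zoom's code, and the verified-domain allowlist is an assumed mitigation, not a description of Zoom's actual fix). It assumes the directory is keyed on the domain of the sign-up email address; the account data is constructed.

```python
from collections import defaultdict

# Constructed sample accounts (not real users). Two belong to a company that
# has claimed its domain; three signed up with personal ISP mailboxes.
ACCOUNTS = [
    {"name": "Anna", "email": "anna@example-corp.test"},
    {"name": "Bram", "email": "bram@example-corp.test"},
    {"name": "Coen", "email": "coen@xs4all.nl"},
    {"name": "Daan", "email": "daan@xs4all.nl"},
    {"name": "Eva", "email": "Eva@DDS.nl"},
]

# Assumption: domains an organisation has proven it controls.
VERIFIED_ORG_DOMAINS = {"example-corp.test"}


def domain_of(email):
    """Return the lower-cased domain part, or None for a malformed address."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()


def directory_naive(accounts):
    """Weak: every account sharing a domain lands in one directory."""
    groups = defaultdict(list)
    for acct in accounts:
        d = domain_of(acct["email"])
        if d:
            groups[d].append(acct["email"])
    return dict(groups)


def directory_verified(accounts, verified=VERIFIED_ORG_DOMAINS):
    """Hardened: group only accounts on domains an organisation has verified."""
    return {d: m for d, m in directory_naive(accounts).items() if d in verified}


def exposed_contacts(groups, email):
    """Addresses of other users that `email` can see through its directory."""
    return [e for e in groups.get(domain_of(email), []) if e != email]
```

With the naive grouping, an unrelated subscriber of the same ISP appears in a user's directory; with the allowlist, only colleagues on a verified company domain do.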
That is perhaps not the worst of the issues, though, because while the company claims on its website that it fully supports end-to-end encryption, a further investigation from The Intercept has revealed that this may not actually be the case. While its chats appear to support full end-to-end encryption, this is actually lacking on the video side of things.
Zoom does use TLS encryption on its videos – the same standard that web browsers use to secure HTTPS websites – which means, in practice, that data is encrypted between you and Zoom’s servers. But the term end-to-end encryption typically refers to protecting content between the users entirely with no company access at all, something which is missing as Zoom can still decode the videos should they choose. So, while your business calls may be secure to outsiders, the fact that Zoom could potentially listen in on it should they choose to is concerning.
The Intercept did speak to Zoom, who revealed that it only collects user data that it needs to improve its service, including IP addresses, OS details, and device details, and doesn’t allow employees to access the specific content of meetings. It also said that it doesn’t sell user data of any kind. That it is still misleading people with its interpretation of full end-to-end encryption though is concerning.
The company will probably still thrive now despite these concerns, but it does reveal a certain lack of integrity that is now coming under scrutiny the more widely used it gets. Are you using Zoom? Do you think its excellence on the video-sharing side makes it a lifesaver during these times, or is its dominance just leading the company to become the next Facebook with a poor level of ethical morality?
Last Updated: April 1, 2020