Zoom gained attention almost overnight because of the extended health-related lockdowns. As everyone had to work from home, companies with investments in Microsoft365 or GSuite perhaps already had communication solutions that could be tapped for running video and audio meetings. Their usage increased as people figured out ways to collaborate and talk.
Zoom gained because it seemed intuitive to use. It offered the it-just-works promise. You could create meetings with external partners, friends, social contacts without needing a per-user license of the solutions mentioned above. Another thing it offered was the ability to have a free 40-minute meeting each time. If you want a more extended session, then there are workarounds, or you pay for one of their plans.
So enterprises who preferred face to face moved to this service. Educational institutions conduct classes over zoom even as they contemplate whether they need longer-term investments. People evidently have liked this service.
Please make an informed decision after evaluating more services on offer. Understand the implications for your business and also keep a close eye on the issues that Zoom needs to resolve at a very rapid pace.
It is a relatively young company that is suddenly seeing global adoption. The technology decisions of this product may have brought about recent successes, but their resources and development practices are now under pressure. We’ve known software bugs in most of the tools and they get fixed within a time frame. Some of the security-related bugs get set sooner than others. It’s always this battle between features, stability and security that companies grapple with. I don’t expect this to be any different here. We’ll get to know about the scale and stabilisation story over some time.
At the time of writing the following issues are being discussed in the public domain. Some concern their privacy-related matters and some are technical bugs.
- Unnecessary Data being sent to Facebook via the Zoom iOS app – The company recently updated their zoom app to remove code that sent data to Facebook even if the user did not have a Facebook app. This was only updated after the issue was highlighted in public. Customers should consider it a red flag on their privacy and data practices.
- Stealing of Windows10 Credentials bug and workaround – Security researchers have identified a bug in the Windows Zoom application by which a user’s sign-in information can be stolen. There is a bypass until they fix this issue, but it needs experienced hands who can do it. Is your company in a position to implement these technical workarounds? Moreover, are the smaller companies even tracking these issues. Does it point to the company using unconventional practices that seem to be potentially jeopardising the safety of users or only a bug?
- macOS Installation bypass – Not so long ago, Apple had to run an emergency upgrade to their OS because of a Zoom app that left some services running on the machine. To their credit, whatever the internal discussions, there was no public spat, but the issue was fixed in a short period. Zoom has again been in the news for some installation bypass of the MacOS protocol. While technically not malware but these are practices of the malware community, and that can seriously jeopardise customer safety. The bug apparently can enable attackers to take over the webcam and microphone and even take access of the computer without the user getting to know. This is deeply concerning.
- No End to End Encryption of video – Zoom claims that the video transmission of a meeting is encrypted. This means no one can snoop on the contents of the meeting. This apparently is misleading or at least different from the way most people understand it. So you will have to make your judgement call for your business or institution. See this too.
- Zoom-bombing – In simple words, if people get to know your Zoom meeting id, they can have these uninvited and certainly unwanted guests. These people are known to share filth and use profanities. Once they have entered the only real way to throw them out is to close the meeting. You may think you won’t share the id. Still, there is a real possibility that people may actually try and replicate their number generating algorithm and automating the room entering process via the API. Assuming they do join and do not talk, they could merely be accessing information you don’t want to share or putting people at risk. . There are some safeguards to protect yourself from this.
The rush to put in place a connectivity solution has put one company in the spotlight. However, your evaluation for your stakeholders should cover the issues above in greater detail. But more importantly, you need to think about the safety of your information and your people even as you evaluate this tool and many other tools that you need in this rapid transformation of work and lives. Finally, this is a meeting or a video calling solution, your requirements may require collaboration between people, idea sharing platforms, linking with your knowledge platforms and transitioning your workflows to a new way. This needs a unified approach that brings everyone together without the complexity of multiple products or integration.
Security and Privacy Implications of Zoom
Photo by Allie Smith on Unsplash
Leave a Reply