With most of the country under a stay at home order turned into a prison, people are turning to video conferencing software to socialize. With all of the available options out there somehow the worst possible option has become the most popular (which seems like the overarching theme to our current crises). Zoom appears to have become the most popular video conferencing software for people imprisoned in their homes.
Don’t use Zoom.
Why? First, the company uses misleading marketing. If you’ve seen some of the company’s marketing, you might be under the mistaken impression Zoom video conferences are end-to-end encrypted. They’re not. But that’s the tip of the iceberg. A while back Zoom pulled a rather sneaky maneuver and installed a secret web server on Macs, which was supposedly meant to make using the software easier for Safari users (the claim was bullshit). Apple wasn’t amused and removed the software via an update. Zoom did remove that functionality, but the software still had surprises in store for Mac users. It turns out that it contained a security vulnerability that allowed a remote attacker to access the computer’s webcam and microphone… oh and provided them with root access. Don’t worry Windows users, Zoom didn’t forget about you. The Windows version of Zoom contained a vulnerability that allowed attackers to steal system password. And so everybody could suffer equally, Zoom made it easy for randos to join supposedly private video conferences.
I’m not even done yet. Zoom also leaked users’ e-mail addresses and photos to randos and, until it was caught, was also selling personal data to Facebook.
So I reiterate, don’t use Zoom.
I forgot about the Mac thing.
The fact that people will jump on the latest new thing without hesitation is annoying. You shouldn’t have to be tech inclined to wonder if connecting a WiFi “smart” bulb up to your network is a smart thing to do. But here we are. Because flipping a switch is just so difficult. And trusting the new hot thing is just so easy.
New York City schools just banned Zoom over security issues.
Information rich post by Bruce Schneier:
https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html