In this time of social distancing, many people are searching for ways to connect by video conferencing and Zoom.us has become one of the popular choices. However, lately there have also been revelations that Zoom security is a huge problem.
I have used Zoom for quite a while now, being part of a mostly web based team, and so I was both concerned and curious about the truth behind these bombshells.
I decided to do some research on my own and these are my personal opinions and understanding of the situation.
The China Connection
One area people have been REALLY concerned about is that the Chinese are stealing all our data and personal information through Zoom.
As far as I can tell, the likelihood of this being the case is pretty low. YES there is (was?) a connection to China in that previously in some very specific situations when the Zoom platform got overloaded, they rerouted the datastream through their datacenters located in China. This does NOT mean that the Zoom app was stealing your personal information and sending it to the Chinese authorities. What it DOES mean is that there is a very remote possibility that some Chinese authority might be able to watch you talk to your grandkids on Zoom. BUT that’s only if they pressured the Zoom company to hand over the encryption keys and had tied in to the Zoom data stream for your conference. AND (I think) they would have had to show up as another participant in the meeting. (not sure on that one)
Suffice to say though, the Chinese authorities aren’t stealing your credit card numbers and banking information through the Zoom app. (though it’s entirely possible they could do it in other ways hitting you through far more vulnerable areas)
The Encryption Problem
They say the connection isn’t encrypted. Isn’t that bad?
Again, as far as I can tell, the key phrase here is “end-to-end encryption”. Yes, as far as I can tell, the Zoom connection IS encrypted. However, it’s not encrypted without gap all the way from you to your grandchild. Rather, it is encrypted between your computer and the Zoom server. And then also encrypted between your grandchild’s computer and the Zoom server. Zoom holds the encryption keys to control the encrypted connection.
This actually IS a problem, but more related to how people have been using Zoom, rather than an issue with Zoom itself. (ok, there are issues there too, but let me explain)
Zoom basically acts like a conference center. Anyone with the address could potentially come to the conference. The problem is, for most of the conferences, there was no receptionist (bouncer) at the door. So, people could just drive by, see that there was a conference, come on in and cause problems.
Zoom has fixed this issue recently by adding passwords to the rooms by default. So now you have to know the password to come into the conference.
So, these are the issues I’ve identified so far. There may be others. Feel free to leave your thoughts in the comments.
For myself, I’m not going to stop using Zoom. It’s a very handy tool with very good video capacity for both small coding sessions as well as large scale conferences.
Of course, I’m not handling huge trade secrets or discussing the overthrow of govt’s. I just want to talk to my coworkers and get work done together.