Zoom wasn’t meant to become a consumer-grade product. It has been in the enterprise space since 2011, and until this pandemic most people had never heard of it. By some accounts, its monthly active users have gone from about 7 million to more than 200 million. Because of this, the company is under a microscope, and it has a lot of fixing to do.
One thing to fix is its messaging about how secure the product is as of right now. According to The Intercept, Zoom isn’t end-to-end encrypted.
The researchers [from the University of Toronto] … found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom’s “waiting room” feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab — widely followed in information security circles — that Zoom’s service is “not suited for secrets” and that it may be legally obligated to disclose encryption keys to Chinese authorities and “responsive to pressure” from them. (The Intercept)
The second part is even more concerning. The fact that there is a link back to the Chinese government means you should absolutely not talk about secrets of any type on Zoom.
In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly — starting in China, where the outbreak began. In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect. We have since corrected this, and would like to use this blog post to explain how our system typically works, where our misstep occurred, and how we will prevent these kinds of problems in the future. We have also been working on improving our encryption and will be working with experts to ensure we are following best practices.
We appreciate the questions we are getting, and continue to work actively to address issues as we identify them. As video communications become more mainstream, users deserve to better understand how all these services work, including how the industry — Zoom and its peers — manages operations and provides services in China and around the world. (Zoom Blog)
Now, I’m not saying to stop using Zoom. What I am saying is be aware of its limitations.
Also lock it down.
Lately there has been a rash of Zoom Bombings, which is when bad actors invade public and private unprotected Zoom rooms and show/share/say nasty stuff. Zoom has released a blog post on what you need to do to protect your Zoom calls. Everyone should follow every point to the best of their ability.
At first the settings page for Zoom can be quite daunting, but if you take the time to secure your room right, you’ll have a much better experience.
In the end, is the Zoom platform perfect? No, not in the least. They are taking strides to make it more secure and robust for everyone to use. It’s on us, the public, to make sure we take our own security to heart and make it a top responsibility.