While Zoom, the videoconferencing application, has dominated our COVID-19 work-from-homes, a crucial alarm has been raised across the world concerning its bizarre privacy policies. A new word, ‘Zoom-bombing’ has emerged lately after private chat sessions were disrupted by online trolls where malicious people intruded video calls with racial slurs, swastika symbol and even pornography.
These security loopholes were first addressed in the US where the company is now facing lawsuits after an FBI investigation. It has infamously become a treasure trove of hackers where leaked details were available on the dark web for $5000. Another half a million exploits are available for as low as penny or less. Surprisingly, Defense Minister Rajnath Singh hosted a Cabinet meeting on the Zoom app on 1st April 2020. The UK Prime Minister Boris Johnson also called a Cabinet meeting on a Zoom call.
But let’s get an insight into the actual pattern. The Silicon Valley-based application launched its services in 2013 as a video-telephony and online chat platform. Complaints emerged in 2019 when it was revealed that it has secretly installed a latent web server on the user system which can facilitate the addition of the user to any call without his permission. New reports this month traced a bug that can allow a hacker to bypass the security of a user’s Mac device and let him access the webcam and microphone. Another feature allowed sharing of user data with Facebook (and possibly, other third parties, too) for advertising purposes even if the user does not have an account on Facebook. This further scarred the reputation of the mushrooming app when viewed in the light of the Facebook-Cambridge Analytica data scandal in 2018 for political advertising.
Another reason is the dubious privacy policy of the app which, first, ensured end-to-end encryption for all the video calls, a renowned feature of WhatsApp. It was revealed quite late that the end-to-end encryption is provided only for chats while video calls are secured by TLS encryption, a less secure kind of encryption that allows the parent company to access user’s information through its servers. An ‘Attention Tracking’ feature of this application has also sparked attention, which allows the host to know which participant does not have the Zoom screen on focus. The New York Times reported another infamous feature that automatically associates a user with his LinkedIn profile through his name and email, while the user is unaware of it. This has led to it be termed as bad as a ‘malware’.
Despite being engulfed in a series of controversies, Zoom saw a rise in daily meetings from 10 million users to 200 million in 3 months and crossed the 200 million mark in March with a 535% rise in daily traffic. The stock prices for the company skyrocketed 101% from January 31, a time when markets throughout the world were dealing with crunching blows. But a few days later, the company also saw a downward spiraling in its shares.
This wave of scrutiny, allegations, and lawsuits have turned Zoom into the eye of a hurricane. CEO Eric Yuan has issued a public apology and called on a 90-day feature freeze period for the app where no new features would be made available and the company would solely devote its time and resources to focus on privacy and the vague words surrounding its policies. He also ensured a weekly webinar to update the world on the company’s progress in the aforementioned direction. A periodic transparency report will also be issued by it, highlighting concerns related to user data protection, a method followed by tech giants like Facebook, Google, and Twitter.
The Ministry of Home Affairs, India, has also rolled out an advisory against the app, terming it ‘not safe’ for work.
The NCCC (National Cyber Coordination Centre) has released the above details on how to be safe from the shady privacy issues which include using new credentials for each meeting, screen sharing by host only, restricted recordings, locking of the meeting by the host after everyone has participated, disabling of File Transfer Option by the host, the host should end the meeting and not leave it, etc. Other countries like Singapore and Taiwan have temporarily halted Zoom services within their national borders, citing security issues. Google, Space X, and other tech giants have also restricted their employees from using the services provided by Zoom.
Wild speculations relating such security breaches to the benefit of China are also circulating worldwide because some American calls were routed through China due to the apparent ‘network congestion.’ While there are other alternatives in the market like Microsoft Teams, Skype, WhatsApp, FaceTime, Google Meet, etc, none of them provide as enhanced features as Zoom which include background change, face beautification, multiple participants, etc. But in the time of a pandemic walking over us, maybe Zoom isn’t going to be away anytime soon.
