cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Is Zoom conferencing safe to use or not?

Hi All

 

According to "The Intercept" Zoom has some issues, which can result in data leakage, privacy and apparently has encryption issues.

 

Does it have issues, during this crisis, as it is being actively used even by New Zealand Government agencies too for updates: 

 

https://theintercept.com/2020/03/31/zoom-meeting-encryption/

 

https://www.businessinsider.com.au/zoom-privacy-issues-fbi-facebook-data-sharing-2020-3?r=US&IR=T

 

https://arstechnica.com/tech-policy/2020/03/zooms-privacy-problems-are-growing-as-platform-explodes-...

 

Or does someone have an agenda against the company?

 

Regards

 

Caute_cautim

49 Replies
Caute_cautim
Community Champion

And more comes out of the woodwork:  Apparently NZ Government stated one could use Zoom up to the level of RESTRICTED - given the circumstances, I think there is a case for the Privacy Commissioner to step in purely on the protection of PII given the current circumstances.   They should stop using it immediately.

 

https://threatpost.com/two-zoom-zero-day-flaws-uncovered/154337/

 

Regards

 

Caute_cautim

 

 

Caute_cautim
Community Champion

@kpinkhamThere an item called Zoom Bombing as well.  Found this piece on how to protect yourselves, should you wish to carry on using Zoom.  https://www.linkedin.com/pulse/3-ways-protect-your-zoom-meetings-jason-little/?trackingId=wiZMBiHJSv...

 

Regards

 

Caute_cautim

kpinkham
Newcomer II

90 day feature freeze to "clean up security and privacy".

 

 

 

https://www.theverge.com/2020/4/2/21204018/zoom-security-privacy-feature-freeze-200-million-daily-us...

 

 

Caute_cautim
Community Champion

Interesting:  https://www.securityweek.com/zooms-security-and-privacy-woes-violated-gdpr-expert-says

 

Could be a case of GDPR issues as well.  I wonder what CCPA would make of this too?

 

Regards

 

Caute_cautim

 

rslade
Influencer II

Well, a few more issues with encryption.  Plus some interesting points about Zoom's relationship with China.

 

https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-li...

 

And the quick (really quick!) and dirty attitude to development.  Particularly in regard to crypto.

 

https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-...

 

But, also, some advice on making Zoom safer.  (OK, I said "safer."  Not completely safe.  And China is probably still going to be able to listen in on every conversation.  If they want to ...)

 

(The advice to update is probably important.  Zoom does seem to be making some effort here: Yesterday the client I have on a Windows machine asked me to update, and today, at the end of a call/meeting, the Mac client asked me to update.  An old (really old) Android device tells me to update, but won't install the update.  My newer Android phone hasn't said anything, but I suspect it's updated by itself.)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

If you want to avoid Zoom, there's always Jitsi Meet.  I have zero experience with it, but I'm dying to try it out ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Caute_cautim
Community Champion

@rsladeand all:  Here is a very good report on Zoom, which many should find very useful in determining their best course of action:  https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-...

 

And the best thing is - it is Canadian...... 

 

Regards

 

Caute_cautim

AppDefects
Community Champion

The founder and CEO of Zoom has apologized to the video conferencing app's millions of users after coming under fire for a host of privacy issues at a time when it has emerged as a vital social and professional lifeline for many.

 

"We recognize that we have fallen short of the community's -- and our own -- privacy and security expectations," Eric Yuan said in a blog post on Wednesday. "For that, I am deeply sorry."


Zoom will stop adding new features for the next 90 days and instead focus solely on addressing privacy issues, Yuan said. The company will also release a transparency report, similar to the ones periodically shared by tech giants, which details requests for data or content from government authorities.

Caute_cautim
Community Champion

@AppDefectsThe founder may have apologies and promised updates, but when they send the encryption keys to a server in China - I certainly will not be using them for hosting conferences.

 

https://www.securityweek.com/keys-used-encrypt-zoom-meetings-sent-china-researchers

 

And certainly not for discussions involving PII or Government discussions like the Prime Ministers of UK and Nw Zealand recently did on numerous occasions.

 

Regards

 

Caute_Cautim

kpinkham
Newcomer II

Wondering how Zoom was Fedramp approved by the US government after reading all this.

 

https://marketplace.fedramp.gov/#/product/zoom-for-government?sort=productName&productNameSearch=zoo...