1/ Hey all! Brianna here.
I do not personally write every Tweet that goes out here. Earlier today, a Tweet went out about Zoom and valid infosec concerns.
Some of the language was generally true, but lacked the precision you should expect from someone running on #infosec.
2/ So, I wanted to precisely state those concerns about Zoom myself, in my own words.
Zoom has a reckless history of how the product installs.
Last year they were caught installing a server on your Mac that could activate your webcam without permission.
3/ Even if you uninstalled it, the server remained. This, of course, is a huge attack surface. Apple updates macOS to delete it from your machine, because it was behaving like malware.
Things happen in software development. But this pattern of low ethical standards continues.
4/ Zoom has advertised their product as using “End to end encryption.” It turns out this is a lie. It uses TLS.
And earlier this week, security researchers examined how Zoom installs. It unpacks files and installs things on your system to get around asking for your password.
5/ Now look, I get that if you are shipping video conferencing products for the masses, ease of use is paramount. And I accept that there are trade-offs.
But, this thread scratches the surface on the privacy issues over Zoom. At the MINIMUM, default settings need to improve.
6/ Ultimately, we need competition. What I want to see is Microsoft Teams and Google Hangouts grow to be legitimate competitors.
These are better products that take fewer shortcuts.
Like Facebook, Zoom has a lot of work to do if they want to earn the public’s trust back.