1/ Hey all! Brianna here.

I do not personally write every Tweet that goes out here. Earlier today, a Tweet went out about Zoom and valid infosec concerns.

Some of the language was generally true, but lacked the precision you should expect from someone running on #infosec.
2/ So, I wanted to precisely state those concerns about Zoom myself, in my own words.

Zoom has a reckless history of how the product installs.

Last year they were caught installing a server on your Mac that could activate your webcam without permission.
3/ Even if you uninstalled it, the server remained. This, of course, is a huge attack surface. Apple updated macOS to delete it from your machine, because it was behaving like malware.

Things happen in software development. But this pattern of low ethical standards continues.
4/ Zoom has advertised their product as using “End to end encryption.” It turns out this is a lie. It uses TLS.

And earlier this week, security researchers examined how Zoom installs. It unpacks files and installs things on your system to get around asking for your password.
5/ Now look, I get that if you are shipping video conferencing products for the masses, ease of use is paramount. And I accept that there are trade-offs.

But, this thread scratches the surface on the privacy issues over Zoom. At the MINIMUM, default settings need to improve.
6/ Ultimately, we need competition. What I want to see is Microsoft Teams and Google Hangouts grow to be legitimate competitors.

These are better products that take fewer shortcuts.

Like Facebook, Zoom has a lot of work to do if they want to earn the public’s trust back.
You can follow @BriannaWu.