Is it possible that Zoom is not ready for its moment in the spotlight?

The coronavirus pandemic hit, sending millions of students and workers home. Lots and lots of us have defaulted to using Zoom for video conferencing, school, virtual happy hours, family chats with parents and even — in the case of the British government — cabinet meetings.

As Zoom usage increased, we started hearing about its problems, like being nontransparent about sharing information with Facebook, promises of encrypted video and audio chats that aren’t and even a vulnerability that could let a hacker steal your password if you’re on Windows. So what does this say about Zoom or any of the tools we’re now suddenly all using all the time? I spoke to Kim Zetter, a cybersecurity journalist and author, about our vulnerabilities online. The following is an edited transcript of our conversation.

Kim Zetter: Obviously, Zoom is very useful, and the problem is, now we’re using it for a lot more serious things. People are doing conferencing with their medical doctor, or they’re having therapy sessions over Zoom. The issues now are not just about what I just described, but they’re also about the users’ awareness of what control [the host] has over it.

Molly Wood: There have been a couple other issues raised, too. For example, Zoom was sharing user data with Facebook. And people coming into meetings and doing, in some cases, really racist and sexist attacks, like taking over a meeting and interrupting them and drawing terrible things on the screen. How big a deal is that?

Zetter: In the latter part you’re referring to what’s called Zoom bombing, like a photo bomb. What happens often is that people aren’t really protective about the Zoom ID meeting that they have. That’s not private if you’re sharing that around, so anyone can actually dial into that call as well. If someone does obtain that information, you can do something that’s called a waiting room, where the host actually doesn’t allow anyone to come into the conversation without actually approving them. I think people need to be more aware, in general, of some of the privacy implications when they’re sharing this information. They should also password protect their meetings, so that even if someone does get the meeting ID, they would need, hopefully, a robust password to access it.

Wood: There must be other pieces of software like this that we’ve defaulted to for this sudden remote work experiment that may also have built-in security issues, right?

Zetter: If you’re doing this for company work, your company should have vetted these software tools prior to recommending that you get on them. Zoom, we know some of the problems because there’s a lot of focus on it right now, but when you get into some of the lesser-known programs, then in those cases, we really don’t know what kind of security problems they may have.

Wood: What do you worry about as you see this all happening and you see these employees going home and probably mixing personal and professional equipment — maybe working distracted, tired or upset? Do you fear that this is opening up either companies or individuals to cybersecurity attacks?

Zetter: It definitely is. The remote work at this scale does raise a lot of vulnerable points. In many cases, when workers are working from home, they may take a laptop from work that has already been secured by their IT department. But now a lot of people are working at home, and they’re sharing those laptops, or they may be using a personal laptop, and they’re on their home Wi-Fi, and all of these things create new vulnerabilities. Let’s say in a Zoom call, you are not very protective of what’s in the background of that Zoom call, so you might have sensitive things in that room area that are showing up on the Zoom call. Those calls can be recorded, they can be passed around on YouTube or they can be made public. I think people just need to be more aware that even though it feels like the privacy of their own home, they’re still opening up that window, essentially, to their computer, to their home, to their conversations.

Related links: More insight from Molly Wood

The FBI says two Massachusetts schools had strangers show up in their online video classes. One shouted out the home address of a teacher and the other was reportedly covered in swastika tattoos. Zoom’s CEO was on Good Morning America on Wednesday and gave people the same advice that Kim Zetter gave: Use passwords for each meeting, create waiting rooms and lock down sessions. The company also revised its privacy policy over the weekend to say that it does not sell personal data that it collects from users. Zoom updated its app on iOS devices to stop sharing data with Facebook as well. 

But security researchers keep finding and raising more concerns. CBS News reports that Zoom is already being sued in California, and the state of New York is looking into its privacy practices. People — especially businesses discussing sensitive information on video conferences — should Zoom carefully to say the least.

Also watching

Before coronavirus, I had been talking about how 2020 might be a reckoning for the tech industry — money might flow just a little less freely, startups would have to tighten up and some might not make it. Now, in the midst of the pandemic, The New York Times reports the reckoning is happening by hours, and it’s ugly. The Times says that in the span of just a few weeks, more than 50 startup companies have laid off or furloughed some 6,000 people. They’ve canceled IPOs, like in the case of Airbnb, and the Times says venture capital funding for the first three months of the year would have its second steepest quarterly decline in a decade. I think we can assume it’ll hit first steepest by next quarter.

Stories You Might Like

Goodbye Zoom calls, hello VR meetings

Welcome to Zoom Town, USA

The science of “Zoom fatigue”

Can new features help teleconferencing platforms like Zoom keep up?

Artwork value in a world of infinite copies

Why did Zoom win the teleconference race?