To use Zoom or not? This question was also raised in recent weeks by many trainers and personal developers. At the beginning of April, the news spread that the tool had significant security vulnerabilities. Which information is correct now and which is not? We summarize the facts:
The popular meeting tool Zoom has repeatedly caused major disagreements in recent weeks. There were discussions between data protection advocates and security experts, which did not yield a clear result. But what does the current situation look like? Can I use Zoom without problems for training, coaching, and online courses? We have compiled the latest information (as of May 25, 2020) for you:
An Overview of Criticisms against Zoom
Let's start with the known problems of the platform, which were the trigger for this entire debate. Since many media reports have drastically simplified the issues surrounding Zoom, additional uncertainties arose. So that you know which points were specifically criticized, here is a brief overview:
Disclaimer: Of course, the video conferencing provider Zoom has responded to this legitimate criticism and immediately resolved the problems and security vulnerabilities in the next update! Not all problems originated solely from the software provider's side; some security vulnerabilities were created by the users themselves.
1. Zoombombing
It was frequently reported that strangers logged into virtual meetings uninvited and shared inappropriate content. This was mainly due to the fact that anyone who had the 9-digit Meeting ID could participate in the conversation directly without any further barriers. Zoom wanted to make usage especially easy, but this also resulted in the disadvantage of uninvited nuisances.
By implementing an additional individual meeting password, this problem is quickly resolved. The setting was previously only optional, but it is now firmly included in the default settings.
2. Data Leaks
In mid-April, it became known that access data for over 500,000 accounts were available for purchase on the dark web. It was also revealed that analytics data and a type of advertising ID in the mobile iOS version of Zoom were shared with Facebook. Experts also warned about the theft of Windows passwords through contaminated links.
This involuntary data sharing with Facebook was terminated in the next update. Furthermore, the hacked access data is likely not attributable to Zoom-specific security flaws, as business customers with SSO systems are rarely or never affected by such attacks.
3. Encryption
The weak encryption of the video conferencing provider was also criticized. Zoom had also claimed until recently that meetings were end-to-end encrypted. However, this turned out to be false. Only transport encryption was provided. Access to the actual server and the data stored there could theoretically be obtained.
In the wake of the next update, Zoom announced that it would strengthen encryption starting from version 5. The current version has been available since the end of April.
4. Server Location
The company had rented several server locations through which the data traffic was routed. Due to GDPR, it was criticized that the data, in particular, was routed to both the USA and China.
The company responded to this, which is why it is currently possible to choose which server locations other than the USA are permitted. By registering with Zoom, a data processing agreement is automatically concluded, and the corresponding terms of use were specified in mid-April. Now, the so-called EU Standard Contractual Clauses have also been integrated into the contract. Thus, the use is GDPR compliant.
5. Installation
Zoom is particularly popular due to its quick usage and installation; however, there were problems here as well. According to experts, some security settings were bypassed mainly during installation on Apple devices. This allowed meetings to be unintentionally recorded or access to the microphone or camera to occur.
Zoom issued a statement that they would update the installer and also update the client and have strengthened security settings as well.
6. Data Protection
As an American company, Zoom was also strongly criticized regarding data protection. In light of the GDPR applicable here, the company had to upgrade for the European market. Zoom is now also certified under the EU-U.S. Privacy Shield and thus meets the legal requirements for an adequate level of data protection.
Various experts say, however, that Zoom is currently legally compliant with data protection and can be used. Currently, only the official designation of the representative in the EU is still missing in the data protection information.
Why We Still Recommend Zoom
Of course, the video conferencing provider was rightly subjected to strong criticism, as data protection is particularly important for companies. Therefore, we are even happier that these security issues have been resolved.
Zoom has several advantages over other video providers: It is relatively easy to use and also provides a stable video and audio connection even with a low internet bandwidth. Additionally, even in the free version, large groups of up to 1000 participants can attend the meeting. In our blog, we have already reported in detail on why we love using Zoom: Zoom – The Best Meeting Tool?
What You Should Still Watch Out for with Zoom:
Make sure that you are using at least Zoom Version 5 and regularly and promptly make new updates.
Even with the additional password, do not share meeting links with people outside your company.
When creating passwords, pay attention to common security recommendations and always send them separately from the actual invitation.
Lock your meeting room for strangers as soon as all invited participants have joined the video conference.
Do not send sensitive files or links to documents directly in the Zoom chat.
You can apply these tips not only for Zoom. When generally using video services, you should ensure that important data is not sent unencrypted. If you take these things into consideration, there is nothing standing in the way of using Zoom.
Our Conclusion on Using Zoom
Among video conferencing providers, Zoom is the global market leader. This is probably one of the reasons why the tool was so heavily criticized. As with any other software, various bugs and other security issues can also arise with Zoom – these are usually resolved promptly. We see this as a decisive advantage: Since Zoom is critically examined by many different experts, errors are recognized and corrected more quickly. This makes the tool even safer for users.
Additionally, Zoom offers us more advantages than disadvantages. We gladly align ourselves with the opinion of security researcher Steven M. Bellovin of Columbia University: He writes on his blog that while the security of Zoom is not perfect, the use for normal purposes is completely unproblematic and that its simple usability and stable connection also perform very well with larger groups. Anyone who wants to use Zoom in a corporate context for brief meetings with colleagues and employees can do so without concern, as long as it does not involve trade secrets. However, if confidential information is being discussed that could be of interest to intelligence services or hacker groups, we would also advise against using Zoom.
In the end, you must decide for yourself whether to use Zoom or not. We at blink.it will continue to use the tool, as it is entirely sufficient for our purposes and the advantages clearly outweigh the disadvantages.
