Zoom is now “the Facebook of video applications”


This is why it is particularly cynical for many of us that Google prohibits employees from using Zoom’s shaded desktop app on the same day that Zoom hired former Facebook security bobblehead as a consultant. as part of its foggy privacy and security triage campaign.

Organizations that have now banned Zoom include Google, the Taiwan government, the German foreign ministry, New York public schools (among others), the Singapore ministry of education, SpaceX, and NASA. Oh, and the FBI started issuing warnings last month.

In addition to this, a Zoom shareholder filed a lawsuit this week for its falling share price, accusing the company of “deliberately hiding security holes in its platform”. Do not confuse it with the other lawsuit filed in late March over an inappropriate (and possibly illegal in California) data exchange agreement with Facebook.

On the other hand, the Trump administration’s DHS Cybersecurity and Infrastructure Security Agency adores him and thinks Zoom does a great job.

I’m sorry, I should save. I know every day lasts ten years now, so let’s get angry with a Zoom highlight coil.

Uber, but for teleconferencing

NEW YORK, NY - APRIL 18: Zoom founder Eric Yuan poses in front of the Nasdaq building as the screen shows the logo of the videoconferencing software company Zoom after the opening ceremony on April 18, 2019 in New York . The video conferencing software company has announced its IPO at a price of $ 36 per share, with an estimated value of $ 9.2 billion. (Photo by Kena Betancur / Getty Images)
Zoom founder Eric Yuan poses in front of the Nasdaq building in New York.

Kena Betancur via Getty Images

When February became March, quarantine became the rule in most of North America. Zoom, a “unicorn” founded by a billionaire from Valley, was a corporate security and privacy teleconferencing application that had already made its way into everyday use by ten million users. Founded in 2013, the company was quickly adopted thanks to partnerships with companies like Facebook, and probably the same taste of fat and pride that wealthy founders appreciate. But also probably because the founder made his billions by selling the first ugly and awkward iteration of Zoom, WebEx, to Cisco, and had the connections.

In any event, life in quarantine has been a brutal change for most people and absolutely brutal for many businesses and educational institutions. Zoom usage reached 200 million in March. These new users were desperate people trying to keep their jobs, educate their children, ask for help from doctors, and yes, families and ordinary people looking for a flap of normalcy (human connection) while ‘a mysterious and terrifying virus began to fill endless refrigerated trucks with corpses in front of the windows of their living room.

Why zoom? Good question. One answer is certainly its ease of use and its robustness. Video quality is always good, calls are rarely dropped, and routine problems with other conferencing applications (like an inconsistent or confusing user interface) are much less. Zoom has also done things that a lot of people really want from old fuddy-duddy apps like Skype; namely, customizable backgrounds, a Brady Bunch style grid view, and more. You still need to download a third-party app like Snap Camera or iGlasses to get cool filters, but whatever.

The answer to “why Zoom?” May also lie in the fact that while Zoom saw its profits explode thanks to a terrified and literally captive user base, its founder decided to give unlimited subscriptions to K-12 schools in Japan, Italy and the States -United. It started, of course, with what the press described as “a prestigious school in Silicon Valley”.

It is probably cynical to think that while a trapped user base is good for the equity portfolio, an equally desperate and non-tech savvy set of captives is an atmosphere conducive to sidelining privacy and privacy issues. security.

That’s what Zoom has had for years – documented security breaches, malware-like behavior, user unmasking on LinkedIn, shady data transactions, and privacy complaints – long before its new popularity. And long before the pandemic press and researchers began exposing Zoom’s extremely misleading statements about safety and things like leaked email addresses and user photos to strangers.

This does not mean “people should have known”. In other words, Zoom should have been better digital citizens than this.

Aspirational malware

In 2018, security company Tenable found a Zoom vuln “that allows an attacker to hijack screen controls, spoof chat messages, or expel and lock meeting attendees.” Zoom then released updates for macOS, Windows, and Linux, but its fix did not work completely. Zoom offered the Tenable researcher money to report the problem – as long as the researcher kept his mouth shut about it. The money was refused.

The end of 2018 is also the time when people tried to sound the alarm about what happened when people installed Zoom on a Mac; Basically, Zoom * also * installed * its own web server that could reinstall Zoom even if you tried to delete it. The server has also introduced security holes allowing attackers to hijack Mac users’ webcams. At the time, the Zoom CISO said the server was supposed to “bypass a security feature introduced by Apple in Safari 12” – under the pretext of saving people with a click.

2019 has brought more of the same. The Electronic Privacy Information Center has filed a complaint with the FTC alleging that Zoom “had committed unfair and deceptive practices”, claiming that the company “had intentionally designed its web conferencing service to bypass browser security settings and activate remotely view a user’s web camera without the knowledge or consent of the user. ”

Zoom on the fine print

But it was then and it is now. When Zoom was suddenly in everyone’s house, many privacy-oriented organizations were like, please don’t. Proton Mail has provided a full list of everything rotten about corporate privacy practices, including extremely frightening privacy choices about who can see your private messages (and more). Then the Intercept dissected Zoom’s claims and practices from start to finish, finding that the company had invented its own (misleading) definition of encryption – followed by the brutal Citizen Lab report on the terrible encryption practices of Zoom.

As more articles were published on Zoom issues, Zoom finally started taking action. For example, two days after Vice’s report on the company’s Facebook iOS data sharing (including how it powered Facebook ghost profiles), Zoom removed the code that was sending the data to Facebook.

But the hits keep coming. This month is nonstop.

Examples like “Zoombombing” – hijacking – reached critical mass this month when the attackers organized. The zooms included flashes, hate speech, porn and threats. According to NPR, those affected are: “a meeting of Alcoholics Anonymous in New York, a Sunday school in Texas, online courses at the University of Southern California and a city meeting in Kalamazoo, Mich.” And the Washington Post just reported that thousands of Zoom records of meetings and private calls have been released online. These included therapy sessions, elementary school classes, business meetings and, because the cornea always finds a way, nudes.

Look, people are already call Zoom into “Facebook video applications”. I guess they just had to close the vicious circle by hiring this Facebook security guy.

It’s Alex Stamos. He was Facebook’s CSO when Facebook got caught giving advertisers safety information (telephone numbers provided by users for two-factor security) for advertising targeting. When the people at Infosec complained that they gave Facebook their phone number for two factors, and then received text spam via the number they provided, Stamos tried to calm the betrayal by writing: The last thing we want is for people to avoid useful security features because they fear receiving independent notifications. “

I am sure Mr. Stamos will help Zoom to gather its prime-time safety story. It’s just a big PR move for the dark comedy, at least if your point of view is not turned down by management. And that’s what brought us here with Zoom, really.

What we really want to know is how it’s still going. I mean, we know the system is down; the billionaire jerkwads and their brothers are rewarded for exploiting us, ruining our lives, endangering us, destroying democracy and getting a big unicorn pat on the back for that.

They will never have true ethics and compassion for true otherness because they will never experience real consequences. They really don’t have full relationships with people outside of their class. Right now, their jobs are secure, they just bought all these new things to have fun in quarantine, they have janitors, they don’t really see it as a big deal. They never thought that Zoombombing would be a real problem for anyone whose opinion or business matters to them, as they probably never knew the “poor” (or working class, or scared) side of using of their product. For them, privacy is like money, in that it is a moral reward for those who “deserve it.”

It is no coincidence that the people most affected by COVID-19 are exactly the same people who are marginalized, sidelined, excluded, left behind, exploited and silenced by technology (and we are numerous).

How to Survive a Zoombie Apocalypse

Exhausting office work concept. Female and male zombie characters in ragged clothes, working on computer, using cellphone in office, walking with cup of coffee in office interior cartoon vector illustration

VectorPocket via Getty Images

The question is how it continues to happen to those of us who are fortunate enough to know a little more about technology than our friends and family. And the answer right now is that the stakes are incredibly high, while the options are incredibly bad. Think about it. Like all of us, the teachers suddenly woke up The walking dead. Even if they had jumped on Google and searched for “Zoom: best privacy and security practices,” the search would have been meaningless – because Zoom’s bad practices were embedded and his statements could not be reliable.

In light of the avalanches of privacy and security on Zoom right now, the CEO of the company is anxious that it all go away. Eric Yuan told TIME that basically he couldn’t wait for the pandemic to end so they could focus on their corporate customers again. Uh, like in, going back to the way it was before? When they exposed employees, deceived their corporate customers about encryption, exposed companies to the vulns, and who knows what else?

Yeah. Therefore.

I would encourage everyone, especially companies that have looked at BS ‘privacy and security practices, to think of the 2020 quarantine as a big, long hacking and security conference very angry. Because the 20,000 who normally attend Black Hat USA (or the 30,000 at DEF CON) might not go there this year. They are certainly not at the safety conferences they usually attend at this time of year. The new hacking conference is your bad practices, Zoombros. And all these annoyed researchers go pretty crazy when you put their families in danger during a fucking pandemic.


Please enter your comment!
Please enter your name here