Introduction to Can We Trust The Zoom App
After weeks of controversy, we are trying to see a little more clearly about the Zoom case, this star videoconferencing application which has been talked about a lot lately.
Security breaches, data sharing to Facebook, indecent growth. In recent weeks, the Zoom application has been at the centre of the news, often despite itself. It must be said that since the start of confinement, the videoconferencing application cut out for businesses has seen the general public flock to it.
To overcome loneliness, the French have turned massively to video chat. However, the question remains: can Zoom be trusted?
Does Zoom respect the GDPR?
Entered into the application at the beginning of 2018, the General Data Protection Regulation (RGDP) strictly regulates what it is possible for a company to collect as personal data. Any company that operates in Europe has to comply, so what about Zoom?
If we are to believe the boss of the company recently interviewed by Le Parisien, Zoom and its terms of use “have complied with the legislation and the General Data Protection Regulation (GDPR) from the start.” The company’s privacy policy says much the same.
However, it should be noted that this page was recently updated and that before March 29, this same privacy policy stated that “your name […] your postal address, your email or your phone number ” could be recorded by Zoom whenever you use any of its products, whether or not you have an account.
“The GDPR lays down principles”, explains Garance Mathias, a lawyer specializing in data protection, “then it’s up to the data controller to set up data governance. In the case of Zoom, one could wonder about the processing of this data and what was the intended purpose of use. ”
Does Zoom transfer my data to Facebook?
One of the controversies that exploded at the same time as the popularity of Zoom concerns a suspicious transfer of data from the application to Facebook.
It was the specialist site Motherboard that noticed that the Zoom iOS application sent, without really warning its users, location data as well as a unique advertising identifier to Facebook when the videoconferencing app was open.
A sharing which took place “without our knowledge”, according to Loïc Rousseau, CEO of Zoom France and which was settled “in 24 hours”.
A piece of code was deleted under the abundant excuses of the company which risked big because, as Garance Mathias explains: “for there to be the communication of data to third parties, the user must be made aware and have access to readable, understandable and accessible information on the subject ”.
What is zoom bombing?
A phenomenon that became popular during the coronavirus epidemic, “zoom-bombing” has taken the world by storm in recent weeks. The practice consists of infiltrating a Zoom videoconference in order to disrupt its progress.
This can happen if the conference has not been launched taking care to respect certain security principles and a simple link or password allows anyone to join a meeting.
A fashion that the boss of Zoom prefers to qualify as “meetingbombing” since it does not only affect its application. We can easily understand why.
Is Zoom data encrypted?
Despite what the site and app promise, the data that passes through Zoom’s hands is not end-to-end encrypted. This method of securing data, used in particular by WhatsApp or Signal, requires that the content of a call or message be exclusively accessible to the parties concerned.
This ensures that hackers or unscrupulous companies do not exploit the content of your chats.
However, as The Intercept explains, calls made by Zoom are accessible by people with access to the company’s server. In a statement, however, the latter assured that “Zoom does not exploit user data and does not sell their data in any way.”
Will my Zoom account end up on the dark web?
As noted by the BleepingComputer site, more than 500,000 Zoom accounts were found for sale on the Dark web. A gloomy revelation for the company, which however has nothing to do, a priori, with a possible data leak.
Indeed, if these accounts arrived in such a place, it is thanks to an “attack with the identifier” which consists for hackers to use the information published during other leaks to try to identify themselves on other Web sites. If you use a different password for each site, you have nothing to worry about.
According to the boss of Zoom France, “these are free personal accounts that have not been used for several months and have not made the latest updates” – and these are quickly deleted.
Should I be concerned about Zoom security holes?
For almost a year now, Zoom’s snags with cybersecurity have been making headlines. Last year, it was access to the webcam of Macs that was left wide open by the Zoom application and more recently, it was faulty security of video conferences that was singled out.
There are sufficient reasons for companies such as Google or state structures such as the Interministerial Directorate for Digital (DINUM) to advise against the use of Zoom.
If the company is to be believed, however, everything is being done to resolve these problems. “All engineering efforts will be focused on issues of privacy, trust and security,” explained the company, which recently brought in Alex Stamos (a Facebook alumnus) and Katie Moussouris (previously at Microsoft) “to assist with the complete security review of our platform”.
The management of the company therefore seems to take the subject seriously. Remember, however, a golden rule of computer security: no system is inviolable, especially when it touches the webcam and the microphone of your devices.
Can I teach lessons through the Zoom app?
The use of Zoom by the teachers of the National Education is a complex matter. Technically, many academies advise against the use of Zoom since there are still “many questions about the security of this tool” but faced with the challenge of school 2.0, many teachers have nevertheless called on the services of the business.
“The challenge here is that in this case there is data concerning minors, and on this point, there is specific protection, ” adds Garance Mathias.
It is therefore difficult to say that Zoom is perfectly trustworthy or that the application should be pilloried. You can download zoom alternative software from windowsburner.com
“The rules of data collection are on a case-by-case basis,” says Garance Mathias, who points out the lack of transparency of Zoom in this case, before specifying maliciously that, ultimately, “the first thing to do if you want to use Zoom it is to read the general conditions of use of the platform. ”
