Zoom

Michael E. Kirkpatrick ·

Zoom, the video conferencing service, seems to have a lot of bad things happening under the hood that are now being exposed and more people use their service.

From Joseph Cox at Motherboard in his article “Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account”:

What the company and its privacy policy don’t make clear is that the iOS version of the Zoom app is sending some analytics data to Facebook, even if Zoom users don’t have a Facebook account, according to a Motherboard analysis of the app.

From John Gruber’s Daring Fireball “Regarding Zoom”:

Zoom subsequently removed the Facebook integration code and fast-tracked an update to the App Store. But still. This is a company with a history of playing fast and loose with privacy and security. You may recall last summer, when it came to light that the Mac version of Zoom secretly installed a web server, which remained installed and running even if you deleted the Zoom app from your machine. Shockingly, this enabled a security exploit that allowed hackers to take control of your Mac’s camera — the sort of privacy nightmare scenario that leads folks to tape over their cameras. Zoom called this hidden unremovable-through-normal-means web server a feature, not a bug. The bug was so insidious that Apple had to push a silent MacOS update to remove Zoom’s hidden web servers.

And from Micah Lee and Yael Grauer at The Intercept in “Zoom Meetings Aren’t End-to-end Encrypted, Despite Misleading Marketing

Zoom, the video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

…But despite this misleading marketing, the service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood. Instead it offers what is usually called transport encryption, explained further below.