Zoom: Is it safe?

Topic

New Reply

SOCIAL NETWORKING By Lincoln Spector Have you noticed that the start of every article about Zoom suggests that it has quickly turned into the most nee
[See the full post at: Zoom: Is it safe?]

3 users thanked author for this post.

Elly, abbodi86, woody

Reply | Quote

Replies

I echo Lincoln’s conclusion: In spite of the problems, I, too, am sticking with Zoom – for precisely the reasons he mentioned.

1 user thanked author for this post.

dearnold

Reply | Quote

The reports of the hidden web server (meant to bypass security measures) that came along for the ride on the Mac Zoom client is most troubling, and the way that the iOS version reported data to Facebook (which has no dog in this hunt at all) is concerning too. They also lied about having end-to-end encryption on Zoom chats.

These things call into question the ethics of the developers, in addition to the technical lapses that make “Zoom bombing” and such possible.  It’s annoying that such a shady product has “zoomed” to the market share they now have in spite of everything.

There’s two general kinds of risk that Zoom seems to present. First is the risk that installing their software will bring along bits you didn’t count on… which is the definition of a Trojan horse, a kind of malware. Those kinds of things, according to the linked article, are limited to the Apple versions of the client, but if the company is unethical enough to put the stuff in Mac and iOS versions, there’s no saying they won’t do it with versions for other OSes.  It seems unlikely that the versions of Zoom for non-Apple OSes have these kinds of things in them now, since all of the hoopla about Zoom security surely has attracted the attention of security researchers.

The second kind of risk is that the meeting itself could be insecure.  I was aware of that possibility when I was invited to a Zoom meeting less than a month ago, which I accepted. Nothing that either of us said was a secret, and I would not have used it for any sensitive topic.  The other kind of risk, that the Zoom client came with malware, hasn’t as yet been reported in the Linux version, but that doesn’t mean it’s absolutely not there or that a future version of the client might not include something malware-ish.

If Zoom wants to offer its services as a legitimate software developer/service provider, it should not be necessary to resort to these underhanded tricks. Legitimate software doesn’t use them.  It’s easier to lose trust than to gain it!

As for whether I will use it going forward… Well, I really can’t say. I didn’t expect to use it the time I did.  Will I get another invitation that I want to accept?  I can’t say.  I’ve only had two occasions to do videoconferencing during my lifetime (the first was in 2018), so it’s not exactly a regular thing. I’ll have to evaluate the invitation if and when it arrives, as I did with the one I accepted.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

8 users thanked author for this post.

Myst, Elly, LH, jrhmobile, woody, Wheel_D, vietmedic68, satrow

Reply | Quote

I will continue to use it as well for “lite stuff”.

It’s not that I’m not familiar with virtual meeting software. While in support at Big Red, we had group meetings using either Cisco’s corporate collaborative software, or the old Beehive Collaborator. (Gasps and feels faint!) The latter was truly one of the worst and least intuitive thing ever, ever, to setup. In no way, shape or form, could a lay person use this. Even the Cisco Go-to-Meeting is not easy to use. I can’t expect an elder relative or someone non-technical use this.

Anyway, is Skype any better? I’m not so sure. For awhile I used Skype, and I always found it to be a network hog, and ate system resources like crazy. Then after Microsoft bought it I ended up with stalkers every time I accessed my Outlook email because of how it integrated with my contacts. These weren’t real stalkers, but people would bug me as soon as I checked my email, which I did and continue to do multiple times a day. After that annoying thing, I ripped Skype out of Windows, and canceled my account.

In 2017 I started virtual piano lessons with a gent in Belgium and he introduced me to Zoom. From that point on, Zoom is my meeting software for our monthly Patreon calls and for my virtual railroad friends I assist with for their technical issues. We share desktops and I show them my latest work, and vice versa, and I assist them with technical issues.

I agree Zoom’s roughshod approach to issues and poor development practices definitely needs addressing, but for casual use, this is fine. Shame on them and they truly need to be called to the carpet for that.

On a scary note, if anyone uses their “secure” meetings, you’ll notice a password directly in the URL. Yes!

Example: (x’s to remove meeting id for security)

From generated link a previous meeting I had:

https://zoom.us/j/xxxxxxxx?pwd=WDN2OHlqbTNYaG44SnFvQ2swZEp2QT09

If you use the Zoom client software, and not the weblink, put in the meeting if, and then copy and paste the password shown into the password field.

No wonder hackers have been getting in. Intercept the link, and the hacker can get in!

Having worked in the IT field, this made my hackles bristle up!

1 user thanked author for this post.

Elly

Reply | Quote

A security expert told me this past week that after Zoom announced its security updates, he found downloaded conversations on the web, including one of a psychiatrist and his patient. Zoom is dangerous except for the innocuous uses where privacy does not matter.  Even still, probably everything goes to a server in China where it can be culled for useful information on how our country operates.

 

1 user thanked author for this post.

Wheel_D

Reply | Quote

I don’t trust Zoom for all the reasons mentioned in the article.  But for face to face contact with relatives why wasn’t Skype mentioned as an alternative?  My wife’s father is 88 years old and pretty computer literate so we need to make contact besides phone calls.

Reply | Quote

My interpretation of this article is this:

Q: Is Zoom safe?

A: Naw, but go ahead and use it anyway.

Maybe it’s just me, but I find this unsatisfactory.

AskWoody is the heir to Windows Secrets. I believe Secrets would have assumed Zoom was plutonium and issued strong warnings until it became so evident as to be obvious that there was enough lead between us and the danger. I think Zoom has yet to meet that burden and until its safety can be firmly established, it should be considered radioactive.

In addition, suggesting that it’s not that bad because everybody does it is very poor reasoning, to be kind.

The only way to send a message to Zoom and, by extension, other similar services is to strangle Zoom by not using it. The fact that some of our public institutions have resumed with Zoom is not encouraging.

Will

4 users thanked author for this post.

Elly, woody, Wheel_D, vietmedic68

Reply | Quote

Funny you should mention that. Lincoln Spector, the author of this article, was one of the main contributors to Secrets – and all of us on the editorial board spent years there.

I don’t use Facebook any more, largely for the same reasons. But when my son’s teacher wants to hold a class with Zoom, I don’t mind.

Would I initiate a teleconference with Zoom? Possibly. Depends on whether it needs to be secure. But I certainly wouldn’t use Skype or Teams – far, far too many technical problems.

2 users thanked author for this post.

Elly, Myst

Reply | Quote

“But I certainly wouldn’t use Skype or Teams – far, far too many technical problems.”

Glad that my “Computer group” in Phuket, Thailand and Vancouver, Canada is not the only one that had problems with Skype, but we’re all set now. We tried Google Hangouts, WhatsApp and Skype, but didn’t try Zoom as someone said it timed out after 40 minutes.

Thanks to the local lockdown, the group “meets” every Sunday at 10am, Thai time. The group’s name is “WoodysPhuket”. I forget why.  😉

Nil illigitimi carborundum

1 user thanked author for this post.

woody

Reply | Quote

Whoa! That’s GREAT!

Hope all is well. I hear that Phuket handled the virus much, much better than most places.

Reply | Quote

Yes, thanks. Thailand, Phuket and Rawai are doing pretty well…

Nil illigitimi carborundum

Reply | Quote

Tracey Capen wrote:

SOCIAL NETWORKING By Lincoln Spector

Even Windows has been dubbed “malware” (Computer World article).

Computerworld uses a strange definition of malware:

“Sure, it isn’t malware that’s designed with a malicious purpose.“

Reply | Quote

Preston was writing four years ago about the way MS was pushing itself — with a great deal of stealth. “X” out of a dialog box and boom! you get a new version of Windows.

I hope we’re beyond that stage now.

In general, malware is in the eyes of the beholder, eh?

1 user thanked author for this post.

Elly

Reply | Quote

woody wrote:

Funny you should mention that. Lincoln Spector, the author of this article, was one of the main contributors to Secrets – and all of us on the editorial board spent years there.

I don’t use Facebook any more, largely for the same reasons. But when my son’s teacher wants to hold a class with Zoom, I don’t mind.

Would I initiate a teleconference with Zoom? Possibly. Depends on whether it needs to be secure. But I certainly wouldn’t use Skype or Teams – far, far too many technical problems.

Sure, I know the history and you know I do. What I’m saying is that there is a difference between plutonium and “go ahead and use it.”

If your son is in private school, that may be safer. But if public school, that means government and that’s when the privacy bells start to go off for me.

Lincoln’s suggestion to use the phone is the most sensible piece of advice.

1 user thanked author for this post.

woody

Reply | Quote

He’s very much in a public school. 🙂

1 user thanked author for this post.

Myst

Reply | Quote

Skype started out as a peer-to-peer communications platform. Then Microsoft bought it and started routing the contents of calls through its servers, so I stopped using it.

Is there any reliable P2P video chat software still around?

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Hi,

I developed a program, zoomback, that lets you bulk load virtual backgrounds into Zoom.

This can be very useful when you’re looking at trying out dozens of backgrounds!

It also can display information about your Zoom database … including your call history.  (Note: call history is tracked for you only if you have done recording withing the call, sadly.  I’ve asked Zoom to change that…no response!)

The program is available, free, for Windows, Mac, and Linux (at least, 64-bit openSUSE).

It makes a backup copy of your Zoom database before touching it the first time, just in case.

It must, however, be run from the “command line” (Windows: shell  or command.exe; Mac: Terminal).

It’s at http://www.sieler.com/zoomback

Stan

Reply | Quote

[Will Fastie]

Cybertooth wrote:

Skype started out as a peer-to-peer communications platform. Then Microsoft bought it and started routing the contents of calls through its servers, so I stopped using it.

Is there any reliable P2P video chat software still around?

I think server middleware was in place long before Microsoft anted up. Something in the middle is needed for group calls.

• This reply was modified 4 years, 10 months ago by Will Fastie.
• This reply was modified 4 years, 10 months ago by Will Fastie.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Your reply prompted me to look it up. As it turns out, it wasn’t a “pure” P2P system as I’d thought, but rather one where some users functioned as “super-peers.” Still, they were themselves Skype users and not centralized company servers. This old article on Ars Technica has a useful description and illustration of Skype’s topology before Microsoft changed it.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Will Fastie wrote:

Is there any reliable P2P video chat software still around?

Yes, Apple’s FaceTime.

2 users thanked author for this post.

Bill C., Cybertooth

Reply | Quote

Bummer:

Due to the proprietary nature of FaceTime, it is currently unavailable on other platforms including Android and Windows.

Any other P2P video chat software out there that does work on Windows or Linux?

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

My wife is a 4th grade teacher and her district went with Zoom for off campus learning due to Covid 19. I think the whole concept is a mess and not intuitive and very unreliable. I think the company had not planned for such a dramatic increase in demand, but they also clearly did not develop the system with a lot of thought on security, compatibility, stability and support.

Reply | Quote

It seems to me your acceptance of something like zoom correlates with your acceptance of things like open mics to massive tech companies in your house, using a data slurping OS like windows 10, putting all your data eggs in one G shaped basket etc. What i mean is, you start accepting those then what’s one more data slurping little gadget, right?

Personally, i’ve not used it and am unlikely to at this point and as a consequence i have isolated myself more than i should have but i just don’t trust them. I refer to bruce schneier on this matter and while they may have slightly improved their privacy and security policies since getting so much bad publicity i still don’t trust them until i’m given a good reason why they deserve it.

https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html

Reply | Quote

Use Jitsi. It is open source and scrupulously reviewed for  security issues. Simple enough that my wife’s prayer group uses it w/out my help.

1 user thanked author for this post.

Elly

Reply | Quote

No, Zoom is not safe. Not by any stretch of the imagination.

And as security issues, both by flaw and by design, are constantly being discovered and Zoom developers keep responding with sh– uh, shoot, sorry – it makes me wonder what they haven’t shared about what’s wrong under the hood. Zoom’s steady and ready stream of shoot, sorry responses tells me there’s still a lot more to come.

Sure it’s easy to use – once the software is installed, even Grandma can click on an email link provided by the host and join the party. Which is why every Grandma and Grandpa on Earth is asking me install it for them and show them how to connect Zoom with their friends and family. Even after I tell ’em of the known and unknown security risks of using it.

If they insist, I’ll do that. That’s my job. But only on their systems. Not mine. Not ever. And if they want to learn how Zoom works, I’ll only do it if they arrange for both sides of the teleconference with someone else. I want no part of it. To the degree that I use remote software to troubleshoot problems through a secure vendor-supplied service.

In short, Homey don’t play that.

1 user thanked author for this post.

T

Reply | Quote

It reminds me very much of facebook’s weasel apologies over the years when they’ve unrolled one or other privacy busting features and they’re all “we went too far this time” or “this wasn’t in keeping with our core values” while never quite rolling back the privacy invading feature creep to where it was before. I will just not risk installing the zoom client on my machine and finding out down the line that it’s opened up some backdoor port even after the client is uninstalled because on the face of it it appears they are either incompetent when it comes to the tech (advertised as being p2p encrypted but not) or there is a huge communication problem between the pr and tech departments. It’s good they are getting this level of scrutiny due to the finger of fate somehow choosing them as the pandemic streaming app of choice but i am not yet convinced they know what they are doing.

Reply | Quote

T wrote:

I will just not risk installing the zoom client on my machine and finding out down the line that it’s opened up some backdoor port even after the client is uninstalled because on the face of it it appears they are either incompetent when it comes to the tech (advertised as being p2p encrypted but not) or there is a huge communication problem between the pr and tech departments.

A port is held open when some process is listening for network traffic, and that’s just what Zoom did on the Mac client. It installed a server to listen (presumably on port 80 or 443, since they called it a web server) and which could then be used for Zoom to reinstall the client without any effort from the victim. After they were caught, they did the customary “aw, shucks,” which is looking like a very rational thing to do, given how often the likes of Microsoft, Google, and Apple get away with it. I think they’re all probing the perimeter fence like the dinosaurs in Jurassic Park, looking for a weakness, seeing what people will tolerate, and trying to condition them to accept that any software they use will have its way with your computer or phone (so why fight it?).

The good news is that Zoom’s name has been dragged through the mud so much that they have a lot of eyes on them, and any such shenanigans are a lot less likely to go undetected than they once would have. So far they have managed to weather the storm without their name being tarnished to the point of no return (as “Vista” once was), but that could change in an instant if any more unethical behavior is noticed.  Malware-slinging is a bottom-feeder game, and with the kind of success they’ve had, they don’t have to be wallowing in the grime like that. One would hope they’d recognize that and “go legit,” but whether they will remains to be seen.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

T

Reply | Quote

I have been “Hosting” a corporate “Enterprise” Zoom account for 2 months with an average of 6 meetings a week. ALL meetings consist of ONLY non-confidential discussion. I have not seen any unusual use of computer resources, and scans have not even turned up any “pup’s”.  So far it has been a smooth, indecent-free experience. I have received no warnings or comments from headquarters regarding any negative feedback from the other “Hosts”. That is my experience so far. I hope yours will be pleasant as well.

Reply | Quote

Hello,

I do not see a solution here? I’m trying to have zoom calls, and have downloaded the latest camera update and it worked for a while, but no more. Zoom is listed as a Desktop App that is not affected by the On/Off setting under Allow Desktop Apps to access your camera.

Is there a work around for this? Windows 10, v1909.

Thanks!

Gingersnap

Reply | Quote

If you wish to look further into Zoom security, this article from the horses mouth published on the 20th May be of help.

1 user thanked author for this post.

Cybertooth

Reply | Quote

My observation of using ZOOM for the first time.
Downloaded the exe on my main Win 8.1 PC, but decided to use another PC for the zoom event. In confirming the detail properties of the exe to make sure I had the newest version, I accidentally (?) triggered the installation. The UAC displayed and I selected “No” to not install but the zoom installation proceeded. Next I attempted to cancel the zoom installation by clicking the Red X of the zoom installation dialog box, but the installation proceeded. Took a while, but eventually removed all traces of the installation; the program itself installed in the app data folders and my firewall settings were changed to allow zoom. This was annoying since I did not want to install ZOOM on my main PC.
On the protected PC that I planned to use for my zoom event, I downloaded a fresh zoom install and found that UAC was again ignored and it was impossible to stop the installation once started.
Rebooted to revert changes (using deep freeze software) and re-installed normally. About 30 minutes into our meeting, I was advised that their was a new version would I like to install it. (Selected no). Later as the meeting ended I was advised by a zoom popup that after May 30th encryption will be included in all new zoom downloads, do I want to install it now.
When the meeting was over, I rebooted to revert all changes.
The meeting code and password were in the url.
Other than that easy as pie to use. Yes, will use again as long as I can wipe all traces of it away when finished.

2 users thanked author for this post.

Cybertooth, Elly

Reply | Quote

Zoom has added end-to-end encryption for free users, so that’s good news:

https://www.macrumors.com/2020/06/19/zoom-end-to-end-encryption-available-to-all/

I have to use Zoom at my school for live classes. For work, I generally have to use GoToMeeting or GoToWebinar with customers, and Microsoft Teams for employees.

I also have a free Cisco WebEx license, and I just provisioned a paid Microsoft Teams license with a test Microsoft 365 Business Basic account I setup.

If I need to meet with multiple users, I’d probably use my paid Microsoft Teams account since it’s included in my Microsoft 365 plan and I don’t have to pay extra.

Nathan Parker

1 user thanked author for this post.

Elly

Reply | Quote

[Cybertooth]

This clinches it for me.

Initial trials with Jitsi Meet have yielded promising results and I may be recommending its use to everyone we might chat with online. Using it appears to be pretty straightforward, as you don’t need to create an account or install anything: you just enter a meeting name, send out the resulting URL, and conduct the meeting via your browser.

If anyone knows of privacy/security issues with Jitsi Meet, please give a shout.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 4 years, 9 months ago by Cybertooth. Reason: typo

2 users thanked author for this post.

Elly, Nathan Parker

Reply | Quote