from the world's big
'Misleading marketing': Zoom video meetings may not be as secure as you think
Video meetings on the popular platform don't seem to offer end-to-end encryption as advertised.
- Despite claims, Zoom's video and audio meetings don't support end-to-end encryption, according to a recent report from The Intercept.
- End-to-end encryption is an especially strong form of security that, in theory, scrambles online data so that it's decipherable only to the sender and receiver.
- Zoom also faces a class-action lawsuit after a Motherboard report showed how the platform passed on user data to third parties.
The video conferencing platform Zoom has become wildly popular as millions of people have switched to remote work during the COVID-19 pandemic. The platform offers high-quality streaming, an easy-to-use interface, and end-to-end encryption (E2E), which scrambles data so that it's decipherable only to the sender and receiver. In theory, end-to-end encryption would prevent the government, internet providers, and even Zoom itself from eavesdropping on users' meetings.
But a new report from The Intercept shows that Zoom's audio and video meetings don't seem to actually support end-to-end encryption, at least as that term is commonly defined.
"Currently, it is not possible to enable E2E encryption for Zoom video meetings," a Zoom spokesperson told The Intercept. "Zoom video meetings use a combination of TCP [Transmission Control Protocol] and UDP [User Datagram Protocol]. TCP connections are made using TLS [Transport Layer Security] and UDP connections are encrypted with AES [Advanced Encryption Standard] using a key negotiated over a TLS connection."
In other words, Zoom does encrypt video meetings, but it does so through transport encryption. This means Zoom has the ability to access users' private meetings. One concern among privacy advocates is that the government could someday compel Zoom to hand over recordings of users' meetings, which were advertised as being encrypted end to end.
Speaking to The Intercept, a Zoom spokesperson described the platform's definition of "end to end":
"When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point...The content is not decrypted as it transfers across the Zoom cloud."
Although Zoom might not decrypt data as it transfers across the platform's cloud, it certainly has the ability to do so. "They're a little bit fuzzy about what's end-to-end encrypted," Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, told The Intercept. "I think they're doing this in a slightly dishonest way. It would be nice if they just came clean."
In a recently published open letter, the human rights group Access Now called on Zoom to publish a transparency report that includes the following information:
- The number of government requests for user data you receive by country, with compliance rates, and your procedures for responding to these requests
- The circumstances when you provide user information to government authorities
- Policies on notice to potentially affected users when their information has been requested or provided to government authorities, or exposed by breach, misuse, or abuse
- Policies and practices affecting the security of data in transit and at rest, including on multi-factor authentication, encryption, and retention
Other privacy concerns
Zoom is also facing criticism for passing user data on to third parties. Last week, Motherboard published a report showing that the Zoom iOS app was sharing user data with Facebook — even if Zoom users didn't have a Facebook account. On Monday, a Zoom user filed a class-action lawsuit against the company, alleging:
"Upon installing or upon each opening of the Zoom App, Zoom collects the personal information of its users and discloses, without adequate notice or authorization, this personal information to third parties, including Facebook, Inc. ("Facebook"), invading the privacy of millions of users."
Looking for a video-conferencing platform that does offer end-to-end encryption? Consider looking into Microsoft Teams, Signal, Clickmeeting, and Wire.
- You're Being Spied on by ISPs. Time to Set Up a VPN and Fight Back. ›
- 4 no-brainer security measures we rarely take - Big Think ›
Emotional intelligence is a skill sought by many employers. Here's how to raise yours.
- Daniel Goleman's 1995 book Emotional Intelligence catapulted the term into widespread use in the business world.
- One study found that EQ (emotional intelligence) is the top predictor of performance and accounts for 58% of success across all job types.
- EQ has been found to increase annual pay by around $29,000 and be present in 90% of top performers.
The rough beauty of the American West seems as far as you can get from the polished corridors of power in Washington DC.
The rough beauty of the American West seems as far as you can get from the polished corridors of power in Washington DC. Until you look at the title to the land. The federal government owns large tracts of the western states: from a low of 29.9% in Montana, already more than the national average, up to a whopping 84.5% in Nevada.
This course collection can get you trained and ready for a six-figure career in this field.
- The Premium 2020 Project & Quality Management Certification Bundle explores the most popular project management methodologies.
- Coursework covers Agile, Agile Scrum, PMI-PMBOK and Six Sigma approaches.
- Valued at $2,699, the course package is on sale for just $45.99.
Researchers are using technology to make visual the complex concepts of racism, as well as its political and social consequences.
- Often thought of first as gaming tech, virtual reality has been increasingly used in research as a tool for mimicking real-life scenarios and experiences in a safe and controlled environment.
- Focusing on issues of oppression and the ripple affect it has throughout America's political, educational, and social systems, Dr. Courtney D. Cogburn of Columbia University School of Social Work and her team developed a VR experience that gives users the opportunity to "walk a mile" in the shoes of a black man as he faces racism at three stages in his life: as a child, during adolescence, and as an adult.
- Cogburn says that the goal is to show how these "interwoven oppressions" continue to shape the world beyond our individual experiences. "I think the most important and powerful human superpower is critical consciousness," she says. "And that is the ability to think, be aware and think critically about the world and people around you...it's not so much about the interpersonal 'Do I feel bad, do I like you?'—it's more 'Do I see the world as it is? Am I thinking critically about it and engaging it?'"
President Vladimir Putin announces approval of Russia's coronavirus vaccine but scientists warn it may be unsafe.