'Misleading marketing': Zoom video meetings may not be as secure as you think
Video meetings on the popular platform don't seem to offer end-to-end encryption as advertised.
- Despite claims, Zoom's video and audio meetings don't support end-to-end encryption, according to a recent report from The Intercept.
- End-to-end encryption is an especially strong form of security that, in theory, scrambles online data so that it's decipherable only to the sender and receiver.
- Zoom also faces a class-action lawsuit after a Motherboard report showed how the platform passed on user data to third parties.
The video conferencing platform Zoom has become wildly popular as millions of people have switched to remote work during the COVID-19 pandemic. The platform offers high-quality streaming, an easy-to-use interface, and end-to-end encryption (E2E), which scrambles data so that it's decipherable only to the sender and receiver. In theory, end-to-end encryption would prevent the government, internet providers, and even Zoom itself from eavesdropping on users' meetings.
But a new report from The Intercept shows that Zoom's audio and video meetings don't seem to actually support end-to-end encryption, at least as that term is commonly defined.
"Currently, it is not possible to enable E2E encryption for Zoom video meetings," a Zoom spokesperson told The Intercept. "Zoom video meetings use a combination of TCP [Transmission Control Protocol] and UDP [User Datagram Protocol]. TCP connections are made using TLS [Transport Layer Security] and UDP connections are encrypted with AES [Advanced Encryption Standard] using a key negotiated over a TLS connection."
In other words, Zoom does encrypt video meetings, but it does so through transport encryption. This means Zoom has the ability to access users' private meetings. One concern among privacy advocates is that the government could someday compel Zoom to hand over recordings of users' meetings, which were advertised as being encrypted end to end.
Speaking to The Intercept, a Zoom spokesperson described the platform's definition of "end to end":
"When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point...The content is not decrypted as it transfers across the Zoom cloud."
Although Zoom might not decrypt data as it transfers across the platform's cloud, it certainly has the ability to do so. "They're a little bit fuzzy about what's end-to-end encrypted," Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, told The Intercept. "I think they're doing this in a slightly dishonest way. It would be nice if they just came clean."
In a recently published open letter, the human rights group Access Now called on Zoom to publish a transparency report that includes the following information:
- The number of government requests for user data you receive by country, with compliance rates, and your procedures for responding to these requests
- The circumstances when you provide user information to government authorities
- Policies on notice to potentially affected users when their information has been requested or provided to government authorities, or exposed by breach, misuse, or abuse
- Policies and practices affecting the security of data in transit and at rest, including on multi-factor authentication, encryption, and retention
Other privacy concerns
Zoom is also facing criticism for passing user data on to third parties. Last week, Motherboard published a report showing that the Zoom iOS app was sharing user data with Facebook — even if Zoom users didn't have a Facebook account. On Monday, a Zoom user filed a class-action lawsuit against the company, alleging:
"Upon installing or upon each opening of the Zoom App, Zoom collects the personal information of its users and discloses, without adequate notice or authorization, this personal information to third parties, including Facebook, Inc. ("Facebook"), invading the privacy of millions of users."
Looking for a video-conferencing platform that does offer end-to-end encryption? Consider looking into Microsoft Teams, Signal, Clickmeeting, and Wire.
- You're Being Spied on by ISPs. Time to Set Up a VPN and Fight Back. ›
- 4 no-brainer security measures we rarely take - Big Think ›
Young people could even end up less anxiety-ridden, thanks to newfound confidence
- The coronavirus pandemic may have a silver lining: It shows how insanely resourceful kids really are.
- Let Grow, a non-profit promoting independence as a critical part of childhood, ran an "Independence Challenge" essay contest for kids. Here are a few of the amazing essays that came in.
- Download Let Grow's free Independence Kit with ideas for kids.
Researchers in Mexico discover the longest underwater cave system in the world that's full of invaluable artifacts.
New research establishes an unexpected connection.
- A study provides further confirmation that a prolonged lack of sleep can result in early mortality.
- Surprisingly, the direct cause seems to be a buildup of Reactive Oxygen Species in the gut produced by sleeplessness.
- When the buildup is neutralized, a normal lifespan is restored.
We don't have to tell you what it feels like when you don't get enough sleep. A night or two of that can be miserable; long-term sleeplessness is out-and-out debilitating. Though we know from personal experience that we need sleep — our cognitive, metabolic, cardiovascular, and immune functioning depend on it — a lack of it does more than just make you feel like you want to die. It can actually kill you, according to study of rats published in 1989. But why?
A new study answers that question, and in an unexpected way. It appears that the sleeplessness/death connection has nothing to do with the brain or nervous system as many have assumed — it happens in your gut. Equally amazing, the study's authors were able to reverse the ill effects with antioxidants.
The study, from researchers at Harvard Medical School (HMS), is published in the journal Cell.
An unexpected culprit
The new research examines the mechanisms at play in sleep-deprived fruit flies and in mice — long-term sleep-deprivation experiments with humans are considered ethically iffy.
What the scientists found is that death from sleep deprivation is always preceded by a buildup of Reactive Oxygen Species (ROS) in the gut. These are not, as their name implies, living organisms. ROS are reactive molecules that are part of the immune system's response to invading microbes, and recent research suggests they're paradoxically key players in normal cell signal transduction and cell cycling as well. However, having an excess of ROS leads to oxidative stress, which is linked to "macromolecular damage and is implicated in various disease states such as atherosclerosis, diabetes, cancer, neurodegeneration, and aging." To prevent this, cellular defenses typically maintain a balance between ROS production and removal.
"We took an unbiased approach and searched throughout the body for indicators of damage from sleep deprivation," says senior study author Dragana Rogulja, admitting, "We were surprised to find it was the gut that plays a key role in causing death." The accumulation occurred in both sleep-deprived fruit flies and mice.
"Even more surprising," Rogulja recalls, "we found that premature death could be prevented. Each morning, we would all gather around to look at the flies, with disbelief to be honest. What we saw is that every time we could neutralize ROS in the gut, we could rescue the flies." Fruit flies given any of 11 antioxidant compounds — including melatonin, lipoic acid and NAD — that neutralize ROS buildups remained active and lived a normal length of time in spite of sleep deprivation. (The researchers note that these antioxidants did not extend the lifespans of non-sleep deprived control subjects.)
Image source: Tomasz Klejdysz/Shutterstock/Big Think
The study's tests were managed by co-first authors Alexandra Vaccaro and Yosef Kaplan Dor, both research fellows at HMS.
You may wonder how you compel a fruit fly to sleep, or for that matter, how you keep one awake. The researchers ascertained that fruit flies doze off in response to being shaken, and thus were the control subjects induced to snooze in their individual, warmed tubes. Each subject occupied its own 29 °C (84F) tube.
For their sleepless cohort, fruit flies were genetically manipulated to express a heat-sensitive protein in specific neurons. These neurons are known to suppress sleep, and did so — the fruit flies' activity levels, or lack thereof, were tracked using infrared beams.
Starting at Day 10 of sleep deprivation, fruit flies began dying, with all of them dead by Day 20. Control flies lived up to 40 days.
The scientists sought out markers that would indicate cell damage in their sleepless subjects. They saw no difference in brain tissue and elsewhere between the well-rested and sleep-deprived fruit flies, with the exception of one fruit fly.
However, in the guts of sleep-deprived fruit flies was a massive accumulation of ROS, which peaked around Day 10. Says Vaccaro, "We found that sleep-deprived flies were dying at the same pace, every time, and when we looked at markers of cell damage and death, the one tissue that really stood out was the gut." She adds, "I remember when we did the first experiment, you could immediately tell under the microscope that there was a striking difference. That almost never happens in lab research."
The experiments were repeated with mice who were gently kept awake for five days. Again, ROS built up over time in their small and large intestines but nowhere else.
As noted above, the administering of antioxidants alleviated the effect of the ROS buildup. In addition, flies that were modified to overproduce gut antioxidant enzymes were found to be immune to the damaging effects of sleep deprivation.
The research leaves some important questions unanswered. Says Kaplan Dor, "We still don't know why sleep loss causes ROS accumulation in the gut, and why this is lethal." He hypothesizes, "Sleep deprivation could directly affect the gut, but the trigger may also originate in the brain. Similarly, death could be due to damage in the gut or because high levels of ROS have systemic effects, or some combination of these."
The HMS researchers are now investigating the chemical pathways by which sleep-deprivation triggers the ROS buildup, and the means by which the ROS wreak cell havoc.
"We need to understand the biology of how sleep deprivation damages the body so that we can find ways to prevent this harm," says Rogulja.
Referring to the value of this study to humans, she notes,"So many of us are chronically sleep deprived. Even if we know staying up late every night is bad, we still do it. We believe we've identified a central issue that, when eliminated, allows for survival without sleep, at least in fruit flies."
We must rethink the "chemical imbalance" theory of mental health.
- A new review found that withdrawal symptoms from antidepressants and antipsychotics can last for over a year.
- Side effects from SSRIs, SNRIs, and antipsychotics last longer than benzodiazepines like Valium or Prozac.
- The global antidepressant market is expected to reach $28.6 billion this year.