With Huge Popularity Comes Huge Concerns of Privacy

What is Zoom App?

Zoom is a web-based video conferencing tool with a local, desktop client and a mobile app that allows users to meet online, with or without video started in 2011 by Chinese software engineer Eric Yuan. Zoom users can choose to record sessions, collaborate on projects, and share or annotate on one another’s screens, all with one easy-to-use platform.

Zoom has passed rivals such as Skype and Microsoft Teams, because of some pretty simple specialities of the platform such as adaptive backgrounds.

Why people are crazy about it?

• Easy to use — login to access is not required for the meeting.
• Availability on all platforms, like on Pc, Apple, Android.
• Zooms free plan has a very generous free plan where 100 people can join a conference for just 40 mins. 
• Recently due to coronavirus, Zoom has just lifted for schools in the UK, Canada and Germany to allow teachers to make use of longer sessions as they home-school their pupils. So more people are started using it.

with these excellent features for free, the zoom app downloads and usage has surged during coronavirus. It has landed on the top downloaded list in the Apple app store, Google Play Store.

Security Flaws

When there is no login access to meetings, random people are joining in the meetings and sharing porn videos on the screen through the meeting links. This gag is named as Zoombombing by the trollers. 

Another Security flaw is, that the zoom is leaking some email addresses, user photos, and allowing some users to start a video call with strangers because of an issue with how the app handles contacts that it learns work for the same organization.

Wrong Promises

Zoom promised that it's video conference platform has end-to-end encryption just like Whatsapp in its website. But Zoom uses a TLS encryption, the same standard as the web browsers use to secure HTTPS websites. But the term end-to-end encryption refers to protecting the content between the users entirely with no company access at all, similar to WhatsApp.

Sending Data To Facebook

The Zoom app reports to Facebook when the user opens the app, details on the user's device such as the model, the time zone and city they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user's device which companies can use to target a user with advertisements.

A user of the Zoom filed a class-action lawsuit against the company for sending data to Facebook. The lawsuit states that Zoom violated California's new data protection law by not obtaining proper consent from users about the transfer of the data.

By using the Facebook SDK, Zoom originally implemented the ‘Login with Facebook’ feature in order to provide users with a convenient way to access its platform. Then, zoom removed the code that sends data to Facebook and now just uses the SDK for login.

Banning the Use of Zoom

With that Facebook and security issue,

• Google sent an email to employees whose work laptops had the Zoom app installed that cited its “security vulnerabilities” and warned that the videoconferencing software on employee laptops would stop working.
• SpaceX has forbidden its employees from using Zoom.
• Smart Communications, a Philippines-based Internet Service Provider, has banned the usage of Zoom for its employees.
• The Taiwanese government has banned Zoom video conferencing app for use by all government agencies.
• NASA has banned all employees from using Zoom.
• The German Foreign Ministry has restricted Zoom use to personal computers in emergency situations only, as reported by Reuters.
• The United States Senate has urged its members to choose platforms other than Zoom due to security concerns but has not issued an outright ban.
• The Australian Defense Force banned its members from using Zoom after an Australian comedian Zoom bombed one of its meetings.
• Singapore bans teachers using Zoom after hackers post obscene images on screens.

The Ministry of Home Affairs has issued guidelines to use the Zoom video conferencing in India to prevent unauthorised entry in the conference room and even malicious activity by authorised participants on terminals of the other participants. These guidelines would also avoid DOS attack by restricting users through passwords and access grant. And restricted for government use.