Since the start of the enhanced community quarantine, Zoom meetings became a daily routine with my friends and colleagues. Because of Zoom’s popularity, the service has come under scrutiny because of security risks, including built-in attention-tracking features to “Zoombombing,” where an uninvited guest hijacks the session leading to disruption. If you are using Zoom for on-the-record activity like you would for vlogging or live events, it should not be a concern. Citizen Lab research explains that they do “not see the need to ban Zoom for cases not requiring robust confidentiality measures.” Such instances may include meetings that you might have held in a public or semi-public place. Taking part in a lecture, listening to a musical performance or keeping in touch with friends and family are just a few examples. According to Citizen Lab, Zoom is not appropriate where strong confidentiality and privacy is required, including:
– Governments concerned about espionage
– Businesses concerned about cybercrime and industrial espionage
– Health care providers handling sensitive patient information
– Activists, lawyers and journalists working on sensitive topics
When I wrote “Zoom past the physical distancing” (The Manila Times, March 29, 2020), major security issues on this videoconferencing service appeared right after publication. Some schools and companies have already banned Zoom and moved on to other video conferencing apps. What then is a secure video conferencing software? Deciding an appropriate software and level of security is a personal choice. Know your requirements and weigh your risks.
Electronic Frontier Foundation explains that “there is no such thing as a perfect or one-size-fits-all messaging app. For users, a messenger that is reasonable for one person could be dangerous for another.” If you require secure communications service, Citizen Lab’s advice is to choose a tool with end-to-end encryption that has been validated as safe by independent research. In my quest for a Zoom alternative that is better, secure and with end-to-end encryption for multiple participants — my sisters and I chatted on Jitsi Meet, Blue Jeans and UberConference. Discord and Microsoft Teams were considered, but since not all of us in the family are techies, we limited ourselves to simple and easy-to-use services.
In the past, we already used Facebook Messenger, Google Hangout and Skype, but we were not happy with the choppy video and dropped calls. We ended up removing the video just to hear each other. Where is the fun in that? Face Time was fine, but not all of us are iPhone users. Video calls on Jitsi using default settings were not stable. UberConference’s screen share feature turned out buggy. Using BlueJeans with Dolby Voice felt like Zoom without the Virtual Background feature. I was hoping BlueJeans had this fun feature because it hides the clutter behind me. Unlike Zoom, BlueJeans does not have a free version but allows a seven-day trial. As much as we liked BlueJeans, it just made little sense to subscribe to two video conferencing services.
I am taking my chances with Zoom but would be mindful of security tips. If you prefer to continue using Zoom, maintain the security of your next meeting by keeping your Zoom app updated to take advantage of the many security fixes. My minimum settings include setting a password with a randomly generated ID, choosing to allow signed-in users, locking down the meeting, enabling waiting room and disabling file sharing until I lock the meeting. Sharing of sensitive or confidential information should not be part of the conversation.
Implementing a 90-day plan to strengthen privacy and security for Zoom, including a third-party security review would ultimately resolve the flaws. So far, Zoom released multiple updates that incorporated a new security control for meetings and removal of meeting IDs in the toolbar. Their latest update on April 14 allows hosts to configure minimum meeting password requirements to adjust the minimum length and require letters, numbers and special characters, or allow only numeric passwords. Starting April 18, paid subscribers could opt-in or out of specific data center regions.
In the end, the Zoom user will decide if all these updates are enough. While waiting for Zoom to fix the flaws, make sure your gadgets are secure. Whether or not you are a Zoom user, check with Citizen Lab Security Planner (Securityplanner.org) web tool for personalized online safety recommendations. I also keep communications secure by reviewing the Surveillance Self Defense Guide (Ssd.eff.org). Let’s continue to stay safe in our physical and virtual spaces.
First published at the Sunday Business & IT, April 19, 2020.