Zoom: privacy? what privacy?

For those who might care, Zoom continues to be disreputable in one area: privacy. Zoom was recently caught sending personal information to Facebook in contravention of their own privacy policy. But this is not the first time.

From a highly regarded Apple related web site:
https://daringfireball.net/2020/03/regarding_zoom
Zoom subsequently removed the Facebook integration code and fast-tracked an update to the App Store. But still. This is a company with a history of playing fast and loose with privacy and security. You may recall last summer, when it came to light that the Mac version of Zoom secretly installed a web server, which remained installed and running even if you deleted the Zoom app from your machine. Shockingly, this enabled a security exploit that allowed hackers to take control of your Mac’s camera?—?the sort of privacy nightmare scenario that leads folks to tape over their cameras. Zoom called this hidden unremovable-through-normal-means web server a feature, not a bug. The bug was so insidious that Apple had to push a silent MacOS update to remove Zoom’s hidden web servers…

This Facebook data issue is nowhere near as bad as the web server issue. But it betrays Zoom’s institutional cavalier attitude to privacy. Their privacy policy more or less grants them carte blanche to do whatever the hell they want.

Mistakes happen. Bugs happen. I not only forgive mistakes, I enjoy forgiving mistakes. But Zoom’s callous disregard for privacy does not seem to be a mistake. As Zoom itself said about the hidden web server they secretly installed on Macs, it’s a feature not a bug.

Yeah, this is just as obnoxious as it sounds. So, in no way does this put Zoom’s profitability in question (it might even make that more likely). But it does mean that for people who care about the character of management there’s a pattern of behavior that raises questions. In fact, it stinks.

And, of course, although unlikely, such behavior may one day blow up in their corporate face. In the case of a hypothetical future privacy breach, companies are not going to be happy if they are forced to acknowledge that they are using a tool where their competitors can (easily?) access their private communications – it would lead to endless lawsuits if they can be shown to have been aware of this. Not saying such a thing will happen, but given management’s attitude toward privacy, it’s significantly more likely than if they took privacy seriously.

-IGU-
(not invested in ZM, because belief in management integrity is a requirement for me)

IGU,

This is not good and I hope the $ don’t blind the suits; if Zoom is going to become the next “kleenex” or “xerox” or “uber” or “hoover” or “amazon” or “netflix,” the goodwill of the people and integrity matter so very much. Thanks for the cold buck of ice down Monkey’s fur. Brrrrrrr.

On the other paw, as part of Monkey’s professoring duties down here at the University of Texas, home to lots of Nobel Prize laureates and other academic riff-raff, we received word today about how the initial return to classes went:

"I have no doubts there will be bumps along the way during the first few days. Unforeseen issues to navigate. Kinks to work out. And we will do this together.
We have much to be proud of today. Here are a few statistics to provide context of the scale of your efforts.

- UT Austin generated 5.2 million meeting minutes in Zoom today by 3 p.m. with more than 157,000 participants.

- We shifted 9,076 face-to-face classes to remote learning, involving 49,048 students."

Which doesn’t include the Tuesday, Thursday schedule.

So.

Yeah: don’t mess this up, Zoom. Greed is not the way. Peel your bananas one at a time, with generosity and what’s best for the team spirit and you’ll be fine. If not, you might become a “blackberry” instead.

Love and hugs,

M (long ZM)

For what it’s worth, my Mom is a school teacher in South Florida and the district she is in was set to use Zoom for all of the virtual learning procedures they were putting into place. However, there ended up being some concerns with potential privacy/security vulnerabilities associated with software. Lawyers got involved and, long story short, the school board decided to switch to Skype a few days ago.

That’s obviously highly anecdotal, and a bit of a different concern than what the original poster shared, but figured it was worth mentioning.

Eric Yuan addressed some, not all, of these privacy issues in his interview last week with the ABC news affiliate in San Jose, CA. Zoom’s position in instances like Zoom sessions being “invaded” or some jackhat capturing the screen and broadcasting inappropriate content is due to hosting error; whereby the host launches the session and has not set the proper host security features, such as invitee passwords as one example. In the interview, he does not blame hosts. Instead, Yuan says Zoom needs to do a much better job of educating users on the availability of security features.

I have heard of the security issues and as a public school teacher I can tell you that most of my friends that are teaching online in our large suburban Houston district are using Zoom. As far as I know the only issue has been a student not being appropriate so we were told to make sure our students understood our district’s expectations.

Last May I attended the Motley Fool conference in Washington DC. At one point in the programming Eric Yuan was interviewed via Zoom. I think what most impressed me about him was his sincerity, honesty and humility.
It did not seem like a performance it seems like a reflection of who he is. He wished to treat his employees with integrity/ fairness and his focus was serve the needs of his customers by creating the “best in class” video conferencing platform. I bought my first shares after that interview.

Just food for thought-
Nativecoloradian
( long Zoom)

Well, the New York Attorney General is looking into it! Curious how the markets will react tomorrow. https://www.nytimes.com/2020/03/30/technology/new-york-attor…

From The NY Times article: "With millions of Americans required to shelter at home because of the coronavirus, Zoom video meetings have quickly become a mainstay of communication for companies, public schools and families. Zoom’s cloud-meetings app is currently the most popular free app for iPhones in the United States, according to Sensor Tower, a mobile app market research firm.

Even as the stock market has plummeted, shares of Zoom have more than doubled since the beginning of the year.

As Zoom’s popularity has grown, the app has scrambled to address a series of data privacy and security problems, a reactive approach that has led to complaints from some consumer, privacy and children’s groups."

In what should be a concerning news story for zoom, I actually see more positive than negative!

I tried to understand their privacy policy for half an hour. Not that I really can parse the true meaning of that language… but honestly, I also tried to do that for google services and Mickysoft 365, Skype and Dropbox, Facebook. I can’t see how much different Zoom management behaves in context with other players in the market.

I consider the privacy issue being a real one - but from my little studies, I don’t think Zoom is behaving so much different than the mentioned other players.

I consider the privacy issue being a real one - but from my little studies, I don’t think Zoom is behaving so much different than the mentioned other players.

This is why you are seeing the concern mostly from the Apple device user side of things. Apple users are used to a much higher standard of privacy.

Not surprisingly, today’s news is that it’s worse than previously thought: there are other dubious security practices and end to end encryption is claimed but doesn’t exist (Zoom itself can see your sessions).

https://appleinsider.com/articles/20/03/31/zoom-macos-instal…

But yeah, none of this means that Zoom isn’t having great business success.

-IGU-

For what it’s worth, my Mom is a school teacher in South Florida and the district she is in was set to use Zoom for all of the virtual learning procedures they were putting into place. However, there ended up being some concerns with potential privacy/security vulnerabilities associated with software.

Our local school district (in Silicon Valley) also had some sort of privacy issue with Zoom and decided to use something else (I don’t know what) for now.

Again, while this sort of thing indicates insufficient management integrity for me to invest in the company, it doesn’t mean that they won’t be wildly successful. People should do what they are comfortable with.

-IGU-

Agree. Zoom has a history of laxity about privacy. Some might say “laxity” under-states Zoom’s darker side. They have an uphill battle for widespread adoption in major corporate firms. We would no more use Zoom than Facebook for business communications where I work. We are not alone.

🆁🅶🅱
For not in my bow do I trust, nor can my sword save me.

Good Afternoon Board,

So, the Zoom bears are out and the naysayers abound. Personally, I figured there was just too much positivity on this board regarding Zoom and I have been anticipating that at some point the negative sentiment would have its day. Well, welcome to that day on the board folks! Here we are; numerous posts on security issues; some with merit and others a bit more from the “chicken little; sky is falling” genre, and a few more that seem to come from the “Saul Board Bashers Unite” that would provide us with a negative post about their mother on her birthday…I have never paid much attention to those posts or members because they are always negative and routinely written by the same handful of contributors. Don’t get me wrong; I differentiate these posts from educated and informed debate.

Regarding security issues; please refer to the link for the interview with Eric Yuan below. He makes a few very interesting points (min. 4:10 to min. 5:45) on security. The primary point that hits home with me is that, up until now, Zoom has been a corporate/enterprise product for the most part wherein most of the onboarding has been coordinated by Corporate IT folks; a highly educated group in terms of technology whereby they have easily navigated the security features of Zoom, instituted those features and then educated the end users at their companies. However, now that Zoom has become ubiquitous; the technology level of the new user is dramatically lower than that of the Corporate IT staff; resulting in less educated or even “techie-phobes” as hosts and end users scrambling to onboard quickly during the WFH wave and not making themselves aware of the security features.

Yuan Interview

https://abc7news.com/zoom-app-meeting-video-coronavirus/6056…

Now, back to the negative sentiment for a moment. In all facets of our lives, people or entities usually align into two groups…those that thrive in the success of others and those that simply want to “pee in the pool” regardless. As a successful guy that was born and raised in West Virginia and made his way out, we always referred to it as “crawfish syndrome”. Wikipedia calls it by another name:

Crab mentality
From Wikipedia

Crab mentality, also known as crabs in a bucket (also barrel, basket, or pot) mentality, is a way of thinking best described by the phrase “if I can’t have it, neither can you”.[1] The metaphor is derived from a pattern of behavior noted in crabs when they are trapped in a bucket. While any one crab could easily escape,[2] its efforts will be undermined by others, ensuring the group’s collective demise.[3][4]

The analogy in human behavior is claimed to be that members of a group will attempt to reduce the self-confidence of any member who achieves success beyond the others, out of envy, resentment, spite, conspiracy, or competitive feelings, to halt their progress.

I’m not sure how long this Zoom party will last, but I am enjoying the party. Can’t you just let me enjoy myself for a little bit? You can all line up and send me the “I Told You So” emails later, but in these trying times, I just want a little “Zoom Joy” in my life!

Harley

I love the open meeting by default setting so that anyone can jump in on anyone else’s meeting unless the host has set the privacy appropriately - Zoom-bombing.

For what it’s worth, my Mom is a school teacher in South Florida and the district she is in was set to use Zoom for all of the virtual learning procedures they were putting into place. However, there ended up being some concerns with potential privacy/security vulnerabilities associated with software.

Our local school district (in Silicon Valley) also had some sort of privacy issue with Zoom and decided to use something else (I don’t know what) for now.

It seems that this is something that ZM can easily remedy. I see no reason why they would not.

It appears like ZM does not support end to end encryption. The article goes into a lot of details. I have not gone through it carefully. Possiby webex, and other have the same issues. Don’t know. But worth looking into since most here are heavily invested in ZM.

https://theintercept.com/2020/03/31/zoom-meeting-encryption/…

Long ZM 2.3%

I am not a techie, but I just Googled “Zoom End-to-End Encryption” and received the following:

Enabling End-to-end encrypted chat
Sign in to the Zoom web portal.
Click Account Management > IM Management.
Click the IM Settings tab at the top of the page.
Navigate to the Enable end-to-end chat encryption option and verify that the setting is enabled. If the setting is disabled, click the toggle to enable it.

End-To-End Encryption for Chat – Zoom Help Center

Is this or is this not the right stuff? If you Google other competitors, some appear to have it and some require that the user enable it.

I would welcome an explanation from somebody with a background in this topic,

Harley

Yes chat is encrypted just like whatsapp. The article also says that. But video conference is not encrypted.

I’m long Zoom, and this is an extremely serious situation. There are a few issues here. One is the company struggling to keep up, even with security enhancements, under the massive amount of traffic it’s seeing now. Ok, fair enough, I understand. And users not being well trained on how to use the software, which again is understandable. To show how serious this is, I read this morning that one teacher’s virtual class - delivered through Zoom - was bombarded by pornography during a lessons with many students. This is the kind of thing that will get Zoom blacklisted very fast, even if it’s more an issue of user ignorance about how to better secure the platform.

But another issue is what is being described as “shady” practices, especially on MacOS, to circumvent Apple’s security measures. For example:

https://appleinsider.com/articles/20/03/31/zoom-macos-instal…
Video conferencing service Zoom reportedly installs itself on Macs by working around Apple’s regular security, and also promotes that it has end-to-end encryption, but demonstrably does not.

I think the very real fear here is that Apple will step in and simply block Zoom from working on MacOS, at least until these security practices are changed. Apple is fairly good about looking out for their users, and this seems to be the perfect situation for them to take action. Claiming end to end encryption when not true is very disturbing, as well.

Zoom had better be smart about how they address these issues. And I think they need to move very fast, other others like Apple will “solve” the problem for them.

Yes chat is encrypted just like whatsapp. The article also says that. But video conference is not encrypted.

A technical note: the data stream required for chat is minuscule, for video it’s HUGE. Encrypting video could be expensive in terms of performance.

Denny Schlesinger

Over here in Singapore, Zoom is also in the eye of the storm. For the last month or two Zoom has been a daily point of reference, so much so that I wouldn’t be surprised if the next Covid-19 meme I receive on Whatsapp will involve some witty Zoom anecodote.

I have seen:-

1. Mega corps shifting their VC platform from Adobe Connect (which was always a pain) to Zoom
2. Hospitals, Education institutions and community groups jumping onto a Zoom platform
3. Public webinars starting to be held on Zoom
4. New clients using Zoom as much as Blue Jeans and Skype - Webex, Adobe connect, GoToMeetings and Cisco seem to have all but disappeared. I have yet to be asked to an MS Teams meeting.

Just today we have seen Singapore nudged firmly from Team A/Team B and social distancing business continuity measures to full working from home guidance and with that an even greater reliance on remote working infrastructure. At the same time I literally just received a comment on a Singapore healthcare whatsapp chat group I belong to stating and I copy verbatim… “You doing ok at home?”…“All good :)”…“Just too many zoom call meetings :-)”.

At the same time the very public debate on Zoom’s security has exploded in prominence from US news stories to UK BBC coverage and here on Asia news wires. If this gets into Wall St psyche I wouldn’t be surprised to see Zoom’s share price under threat tomorrow…
https://www.bbc.com/news/business-52115434
https://www.businessinsider.sg/zoom-privacy-issues-fbi-faceb…

Now I understand that there was some tightening up to do on data sharing with Facebook if logging in was performed using Facebook, (which opens up privacy threats across the board and frankly no-one should ever log into anything using Facebook); and I get that encryption is performed on chat but not Video/Audio. Notwithstanding these points, Singapore (which I can assure everyone is about as focused on security as any nation state out there), had its IHIS (the local Govt Healthcare IT agency) evaluate and approve the security of Zoom as a provider/application for use across Government hospitals. Clearly there is a very public debate going on out there.

This maybe as much of a perception and confidence issue now as a technical issue. As such it probably needs to be considered as an investing risk no matter what the adoption uptake looks like and what the reality might be. To a degree perception is reality.

Stay safe and healthy everyone.

Regards
Ant