Video chatting service Zoom (ZM) is feeling the heat. The company — which saw its daily active user count jump from 10 million in December 2019 to 200 million last month as cities and states locked down amid the coronavirus pandemic — has been buffeted by controversy surrounding its security and privacy practices.
“What we are seeing is a system that largely achieves the functionality that it purports to offer, but, it turns out, does not achieve good security, and potentially puts users at risk, and certainly isn’t something that should be used for sensitive materials,” explained David Levin, assistant professor of computer science in the Maryland Cybersecurity Center.
The company was already facing three proposed class-action lawsuits alleging it shared user information with Facebook without users’ explicit consent, when, on Tuesday, shareholder Michael Drieu filed a fourth over the deluge of security incidents related to the service.
An investigation by The Washington Post, meanwhile, found unprotected recorded user videos including one-on-one therapy sessions and elementary school classes stored on the open web. The FBI’s Boston field office has issued a warning about so-called Zom-bombing, in which uninvited individuals gain access to Zoom video meetings and show or yell inappropriate things including racist imagery.
A group of women use the Zoom video conferencing application to have a group chat from their separate homes, during the UK coronavirus lockdown. (Photo by Dominic Lipinski/PA Images via Getty Images)
Zoom also shipped its software with a data mining feature that allowed some users to view other Zoom users’ LinkedIn profile information without their knowledge, according to a report last week from The New York Times. As a result, entities including the New York City Department of Education have barred the use of the app.
Zoom, to be sure, offers its own benefits including an easy-to-use interface that allows consumers to join chats via shareable links. But the company seemingly focused more on ease of use than security in its quest to become the go-to chat app for businesses and consumers.
And while it offers its own security features, including the ability to password protect chat rooms, and enable virtual lobbies that can prevent Zoom-bombing, they weren’t turned on by default until the company released an update on April 2.
On top of that, Zoom has said it used end-to-end encryption for its chats, but a report by The Intercept found that wasn’t the case. End-to-end encryption encrypts users’ chats when they leave their device, and only decrypts them when they reach their intended recipient. The benefit of this is that no one in the middle can see what you’re sending to your friends or family.
Instead, Zoom was using technologies that encrypted user data on its way to Zoom’s servers. But once there, it could be viewed by Zoom. The company says it never viewed this information.
But by claiming it offered end-to-end encryption when it didn’t, Zoom gave users a sense of security that didn’t actually exist.
The company responded with a statement saying it encrypts data sent from users’ devices and doesn’t decrypt it when it gets to its servers, before being routed to the message recipient, but that’s not the same as having end-to-end encryption. In other words, Zoom could theoretically unlock that data, though it says it doesn’t have the means to do so at the moment.
On top of the lack of encryption, the way it is installed on computers can leave users vulnerable to third-party attacks, according to NYU associate professor of computer science and engineering Justin Cappos.
“Whether it’s having guessable meeting IDs, not having ways to stop people from getting in meetings who aren’t supposed to be in there, it’s just really not an application that if you care about others coming in and interrupting what you’re doing then you probably shouldn’t be using Zoom,” Campos told Yahoo Finance. “And you probably shouldn’t be installing their software on your system.”
So where does that leave people hoping to stay in touch with those important to them while locked in their homes? Thankfully, a number of options out there offer similar capabilities and more robust security capabilities.
Google Duo - Free
If you’ve been leaning on Zoom to keep up with your close friends and family, but are feeling uneasy about the service with all of the talk of security problems, you can look to something like Google’s (GOOG, GOOGL) Duo. Available on Android, iOS, and via web browser, Duo normally offers the ability to chat with up to 8 people at a time. However, Google has upped that to 12 users at a time in light of the coronavirus outbreak and stay-at-home orders. The service also offers end-to-end encryption by default.
Skype - Free
The old standby, Skype has been around for years, and is still Microsoft’s (MSFT) primary consumer chat app. You can stay in touch with up to 50 people at a time via the service for free, and can launch private chats with end-to-end encryption, though those are limited to chats with one person, and you can only use the chat on a single device at a time. That’s worth keeping in mind if you’re hosting large group chats.
With availability across desktops, mobile devices, Alexa, and Microsoft’s Xbox, you’d be hard pressed to find someone with a connected device who can’t use the service.
WhatsApp - Free
WhatsApp, which is owned by Facebook (FB), is built around security. Part of the reason the free service is so widely used is that end-to-end encryption is turned on by default, so you don’t have to worry about fiddling with settings. You can send text chats, and make audio and video calls through the software, which is available on Android, iOS, Mac and PC, though video chats are limited to just 4 people at a time. So if you’re hoping to have a virtual family reunion, you might need to use a different option.
Apple FaceTime - Free to Apple users
If you’re not keen on downloading any new software, and you and your friends are all Apple (AAPL) users, then FaceTime is likely the best option out there for you. FaceTime group video chats support up to 32 people at a time and are end-to-end encrypted. The software also includes fun gimmicks like emojis, miimojis, and AR effects.
But the main sell here is convenience for Apple users, since FaceTime is already on your iPhone, iPad, and Mac. But since FaceTime isn’t available on Android, web browsers, or PCs, anyone who doesn’t own an Apple device will be left out in the cold.
What if you need to use Zoom?
If your business or friends and family are still using Zoom, there’s a way for you to access the software without worry. According to Cappos, you can simply run Zoom in your web browser without installing any additional software or browser plug-ins.
Doing so, he explained, would prevent any issues with the way the software installs on your machine, which he says can leave you vulnerable to attacks, while still letting you chat with the people in your life.
As for preventing Zoom-bombing, the company says it now enables passwords and a lobby system by default that will prevent unwanted users from entering video chat rooms.
Still, if you’ve got reservations about using Zoom going forward, there are certainly alternatives out there that may be better suited to your needs.
