Zoom has recently (yesterday at the time of writing) acquired the secure messaging app Keybase. Is this a good thing? After the proliferation of the COVID-19 virus, many people switched to working from home. This meant that online meetings and collaboration was necessary. The use of Zoom for video conferencing sky-rocketed, and this severely highlighted many weaknesses in the way Zoom operates. Zoom were relatively quick to act on some of these bugs. With an update on April 19 2020, two major issues were addressed. Firstly, there was a domain contact issue where people had the ability to search and find contacts on the same domain, even if they did not belong to the same organisation. This doesn’t sound bad, however, it essentially treated these contacts as if they were from the same organisation, with the potential for the external contacts to view other organisation’s contacts. It could, and very well may have opened the door to some social engineering. Included in the same Zoom update were changes to users’ profile privacy design, hiding personal information unless explicitly shown by the user. The biggest issue of all with Zoom, however, was the fact that it appeared not to be using encryption, even though it was touted by them that it was. This was discovered by many people and they ‘quickly’ pushed an update through for version 5.0 of their application on May 30, 2020. The fact that they got to the year 2020 and were not enforcing encryption as a standard, especially when they deal with communication is a little disturbing.
These were the most glaring technical issues with Zoom, and it’s good to see that they are taking a more proactive approach to privacy / security, though in my opinion it’s a little late. Companies lose some respect from me when they choose to take the easy route and only take action when things become dire. So, to answer the question, ‘Is this a good thing?’ - I think yes, Zoom did damage their reputation but they are making strides to rectify their mistakes, which is at least partly commendable. I am still skeptical of the overall benefits of the acquisition, especially considering Zoom included a 360 word ‘disclaimer’ regarding the acquisition, complete with specific legal language and even the relevant Act. If you’re interested, the blog post can be found here
As always reader participation is not just welcomed, but encouraged! If you have any suggestions, corrections or anything in between, feel free to leave a comment. Want a good laugh? Check out our blog created entirely by artificial intelligence (AI)
We’ve done the research, so you don’t have to!
Thanks for reading!