More Zoom security and privacy lapses

I’ve heard and read a lot of good things about Zoom, but I find this to be rather concerning:

1 Like

There has been a lot of love for Zoom here recently, but their privacy policy sucks and their history (including deliberately backdooring their users) is frightening. I found it telling that my 14-year-old son, when told he needed Zoom for an academic exercise, immediately spun up an instance of Linux in VirtualBox and ran Zoom from there.

I haven’t used Zoom, but I appreciate that most teleconferencing tools can be pretty hard for laypersons to use. Apparently Zoom addresses a lot of those shortcomings but, unfortunately, at the expense of their users’ security and privacy.

Lots of press:

https://www.patreon.com/posts/cybersecurity-24-35206325

2 Likes

Zoom has now acknowledged that its iOS app was sending data to Facebook and says that it was because it used the Facebook SDK to allow users to log in using their Facebook credentials and didn’t realize that the Facebook SDK would also be sending data to Facebook.

Since I can’t see Zoom benefiting from this in any real way (it was only the iOS app, and not all the rest of the platforms supported), I’m willing to chalk this particular error up to sloppy, negligent development on Zoom’s part.

The question is if it’s “evil as usual” from Facebook, in the sense that there’s a big difference between providing a login service and “oh, by the way, unless you disable this other code, Facebook will be getting data associated with the connection.” If that reading is correct, the Facebook SDK is basically a Trojan horse for any app that implements it.

Login with Apple is looking better and better, though I’ve only been able to use it once, I think (and the specific example is escaping me).

1 Like

Was it “sloppy, negligent development” when they deliberately wrote code to backdoor macOS users’ computers?

Was it “sloppy, negligent development” when they deliberately designed that code to persist even after their app was deleted?

Was it “sloppy, negligent development” when that code gave them (and anyone else on the internet) remote access to users’ cameras?

Was it sloppy and negligent when they publicly denied that they had put the backdoor code in their product?

Was it sloppy and negligent when, after a proof-of-concept became available, they then insisted that it was nothing users need to worry about?

And is it truly “sloppy, negligent development” now that they included code in their product that violated their users’ privacy?

Yes, I believe it is. But that kind of repeated (and repeated and repeated) slop and negligence only exists when there is a bone-deep arrogance toward their users. I don’t have a pony in this race, but I am astonished by what I see. I think forgiveness is a good thing. Were someone to deliberately bypass my home security system, steal some secret papers, and leave the doors unlocked behind them, I might (might) be willing to forgive them. But I would never hire them to be caregivers to my children or my patients or my friends or my business associates or even my sworn enemies. But here we are.

To put it another way, if someone screws up and does something evil, we might hold out hope that they will reform. But if they act over and over out of willful ignorance, it seems unlikely their behavior will change.

More press on Zoom’s creepy behavior:

EDIT: A PS and a sort of apology. That was awfully rant-ish and, as I said, I don’t have a pony in this race. It’s the sort of post that I might write but usually would never send. But I am up to my eyeballs in folks suffering in various ways from the pandemic. People are sick and, probably soon, dying at my doorstep and our government has abdicated a lot of their public-health responsibility to private industry who is letting their thirst for data deepen and prolong the crisis. So, yeah, I’m frustrated and pissed and Zoom has made themselves a convenient target.

Drive-Thru Testing for novel Coronavirus – Sacramento Medical Oasis, Inc.

1 Like

Oh, I’m not defending Zoom in general, which is why I was careful to say “this particular error.”

And you’re certainly excused your rant—we all need to blow off steam these days, and you as a medical professional more than any of the rest of us.

But as much as Zoom has problems, it pales in comparison to the festering boil that is Facebook. How much more data about everyone is Facebook getting because of the pandemic? Sure, ad sales may be down right now, but that data will just feed Facebook’s future abuses.

1 Like