SIGforum
Am I being too paranoid in not wanting to sign in to Zoom video conferences?

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/320601935/m/6400015864

April 05, 2020, 12:29 AM
sjtill
Am I being too paranoid in not wanting to sign in to Zoom video conferences?
Bible studies, choir, other groups of which I'm a part are using Zoom for video conferencing.

The first several things I read about Zoom were:
1. It claims to be end-to-end encrypted but is not
2. Hackers and pranksters can easily access Zoom conferences
3. Zoom sneakily installs itself on your computer and gives itself access to contacts and other private stuff
4. The Zoom iPhone app is crap
5. Elon Musk bans Zoom from use in SpaceX
6. The FBI is warning against Zoom use
7. Zoom's secret weapon is "our Chinese engineers"
8. Zoom, like Huawei, can be used by the Chicoms against us

Now some of the above I may not have gotten right, but it sounded scary enough that I have refused participation in meetings and sent out articles to friends warning them against Zoom.

In today's WSJ, there was this:

Zoom CEO: I Really Screwed Up

quote:
Use of Zoom exploded as the coronavirus pandemic has forced more people to stay home. Where once it enabled client conferences or training webinars, it is now also a venue for virtual cocktail hours, Zumba classes and children’s birthday parties. It became the most downloaded free app on Apple’s iOS App Store, leapfrogging bigger names like TikTok, DoorDash, and Disney+.

The number of daily meeting participants across Zoom’s paid and free services has gone from around 10 million at the end of last year to 200 million now, the company says. Most of those people are using its free service.

Zoom’s initial public offering just under a year ago was one of 2019’s most successful, making Mr. Yuan a billionaire. While the stock market has taken historic tumbles over the past month, Zoom’s shares are up.

But the platform’s surging popularity has attracted trolls and hackers, as well as scrutiny from privacy advocates. The practice of “Zoombombing”—where people gain unauthorized access to a meeting and share hate-speech or pornographic images—entered the popular vernacular almost overnight. Security experts found publicly highlighted problems with Zoom’s technology could leave user data vulnerable to outsiders’ exploitation.

The Federal Bureau of Investigation issued a warning Monday about videoconference hijacking, spurred in part by Zoombombing incidents. In the U.S., 27 attorney general’s offices have raised questions about privacy issues, Zoom said, adding it is cooperating with authorities.

On April 1, Mr. Yuan issued a lengthy blog post on Zoom’s website vowing to devote all his engineers to fixing trust, safety and privacy issues.

“I thought I was letting our users down,” he told the Journal on a video call, using a Zoom virtual background depicting the Golden Gate Bridge. He hasn’t had more than 4½ hours of sleep a night in the past month, he said. “I feel an obligation to win the users’ trust back.”


For those with professional knowledge of the security issues related to Zoom, what should I do?
I'm not discussing national security issues in my Bible study,


_________________________
“ What all the wise men promised has not happened, and what all the damned fools said would happen has come to pass.”— Lord Melbourne
April 05, 2020, 01:22 AM
flashguy
Following this topic with interest.

flashguy




Texan by choice, not accident of birth
April 05, 2020, 01:40 AM
mk689
Zoom has made some changes in default settings, for example all meetings are set up with a password by default, so that makes it a lot tougher for "intruders" to get in.

They can't encrypt connections into the conference over regular telephone lines, and that is a source of confusion for people. If everyone is on a computer using computer audio, you are pretty much OK.

If you want an alternative, look at Jitsi.org. That is an open-source alternative.

Also, Skype has opened up a lot of previously premium features, but I haven't looked into it - but there you are putting as much (if not more) trust in Microsoft as you would be in Zoom.
April 05, 2020, 02:41 AM
bigdeal
quote:
Originally posted by sjtill:
I'm not discussing national security issues in my Bible study,

I think you'll be good to go for Bible Study.


-----------------------------
Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter
April 05, 2020, 03:13 AM
flashguy
quote:
Originally posted by bigdeal:
quote:
Originally posted by sjtill:
I'm not discussing national security issues in my Bible study,
I think you'll be good to go for Bible Study.

Unless you consider that a "Bible Study" probably identifies one as a Christian, which is a target group these days.

flashguy




Texan by choice, not accident of birth
April 05, 2020, 06:44 AM
mojojojo
The answer to the question you asked in your post headline is yes.



Icarus flew too close to the sun, but at least he flew.
April 05, 2020, 08:14 AM
hile
The exploits I've seen so far are local privilege exploits - meaning an attacker must ALREADY have compromised the host before being able to use ZOOM to do things. I use it from my phone rather than my laptops (personal or work) to mitigate those risks.
April 05, 2020, 08:49 AM
WaterburyBob
I would guess that your smartphone listening to everything should be more of a concern. Alexa or Google even more so.



"If Gun Control worked, Chicago would look like Mayberry, not Thunderdome" - Cam Edwards
April 05, 2020, 09:11 AM
Copefree
The first several things I read about Zoom were:

1. It claims to be end-to-end encrypted but is not (If people want to join my boring ass work calls, more power to them)

2. Hackers and pranksters can easily access Zoom conferences (If people want to join my boring ass work calls, more power to them)

3. Zoom sneakily installs itself on your computer and gives itself access to contacts and other private stuff (It can be beneficial. Also, see their privacy policy)

4. The Zoom iPhone app is crap (My opinion is different)

5. Elon Musk bans Zoom from use in SpaceX (I don’t work for SpaceX so this doesn’t affect me)

6. The FBI is warning against Zoom use (They issued that warning because of ‘Zoombombing’, where some bored person finds their way into your public meeting. This means you’ll have to hang up and start a new meeting. Add a password and you’ll be okay.)

7. Zoom's secret weapon is "our Chinese engineers" (Some smart folks over there in China)

8. Zoom, like Huawei, can be used by the Chicoms against us (I guess so)


_______________
Mind. Over. Matter.
April 05, 2020, 09:12 AM
RHINOWSO
quote:
Originally posted by mojojojo:
The answer to the question you asked in your post headline is yes.

Indeed.
April 05, 2020, 09:14 AM
Haveme1or2
I'm on Zoom daily.
The hoodrats became energized by the media reporting "zoombombing".
Another media infused act. They didn't start it but the way they told about it increased knowledge and curiosity.
Make sure they are password protected or your church ladies are gonna get shown porn.
Also there are other measures to use to create a "foyer" ppl have to come through and get accepted into meeting.
April 05, 2020, 09:17 AM
RogueJSK
Yes, you're being paranoid.

To solve the "zoombombing" issue, use a password and/or a lobby. Problem solved. Keep Zooming.

The FBI isn't saying not to use Zoom. They're simply recommending not having your Zoom meetings fully open to the general public, which is basically a no-brainer.

This is like having your home wifi network visible. It's only an issue if you don't use a password, meaning you're allowing any Joe Blow to connect to your Wifi and do whatever they want.

The answer is to use a password, not go the nuclear option and simply swear off Zoom/Wifi altogether because "hackers and pranksters are scary".


As for the privacy concern, you have the option of allowing it access to your contacts if you choose. It is not required. If that concerns you, simply don't allow it.
April 05, 2020, 10:46 AM
gpbst3
quote:
Originally posted by WaterburyBob:
I would guess that your smartphone listening to everything should be more of a concern. Alexa or Google even more so.


Your smartphone would be more of a concern.


April 05, 2020, 10:54 AM
sidss1
I reluctantly have started using Zoom, just because the University I work for uses Zoom for everything. I don't like the fact that it shares your info, is practically owned by the Chinese Communists, and its operations and most of its workforce are located in the PRC. I am forced to use Zoom, but I don't like it at all.


If you think you can, YOU WILL!!!!!
April 05, 2020, 11:36 AM
FishOn
I will never use Zoom. Just like I have never been on Facebook or Twitter. Don't let your kids use Tik Tok either.

Use Skype or Microsoft Teams.
April 05, 2020, 11:39 AM
jhe888
If anyone wants to spy on my Zoom meetings, they'll die of boredom.

I don't think the Chinese care much about me.




The fish is mute, expressionless. The fish doesn't think because the fish knows everything.
April 05, 2020, 11:46 AM
ensigmatic
quote:
Originally posted by sjtill:
For those with professional knowledge of the security issues related to Zoom, what should I do?

I haven't paid close attention to this app, because, quite honestly, I cannot see myself ever having a need for it. However, Zoom does not appear to be a significant threat--from what little I've seen.

My general philosophy about such things goes something like this: Every app I run, on every platform, increases my vulnerability. Increased vulnerability equals increased risk of compromise. Therefore I don't install and run apps for which I don't feel I have a need. The more questionable the app--the more vulnerable it would appear to make me, the more compelling must be that need.

E.g.: I run a weather app on my phone and tablet. The weather app is from a maker with a long history, so is relatively trustworthy. The app requires little in sensitive access/permissions on my devices. So, though the need isn't particularly compelling, the risk factor is quite low. Zoom, however, is from a relatively new source and would require fairly wide-ranging access to my device. So, for me, the need would have to be damn compelling before I'd install and use it.

In your shoes, I'd ask myself "Do I really need to do this?" and proceed on that answer.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
April 05, 2020, 02:54 PM
FHHM213
When I use Zoom to host a live Q&A session for my college students, I use my office desktop (that I brought home 2 weeks ago) and it's hardwired into the network. I’m using a licensed version of Zoom provided by our University. I don’t use a password for our class meetings but instead use the “waiting room” feature to admit my students individually. I don’t use that computer for any personal activities (banking, etc) and I shut it down when not working. I sign out and close the Zoom app and / or browser-based access when not in use. My personal laptop is disconnected from the network any time that the desktop is connected (mostly since I’m too lazy to run another line of Cat5e temporarily).

When we’ve recently used Zoom to host some family gatherings, I use the Zoom app on my iPad. The app is only allowed access to my camera and mic during the session and then I eliminate that access after the meeting session. I also sign out and close the app.

Am I perfectly safe? No. But I think these steps reasonably reduce my risk and that’s about all we can accomplish these days with the internet, unless you want to make IT security both a vocation and obsession (I don’t).

If I were to only use Zoom as a participant, I’d use either my iPhone or iPad as described above. Keep the device and apps updated and limit access.
April 05, 2020, 03:39 PM
PowerSurge
https://www.businessinsider.co...with-facebook-2020-3

https://www.vice.com/en_us/art...e-a-facebook-account

Once your data makes it to BOOKFACE, who knows where else it will end up.


———————————————
The fool hath said in his heart, There is no God. Psalm 14:1
April 05, 2020, 09:56 PM
corsair
For work CC calls, I usually call in rather than video-in. We have access codes so, outsiders trying to get-in, have to be desperate.

For the video calls where we're sharing spreadsheets/pdf's, I just need to make sure my hair is in the right place, choose the right background image and I don't stand-up to reveal what I'm not wearing below.