Skip to main content

Zoom can't be Trusted.

·3 mins

If you think back to 2006, you where likely hearing all about a new website called Facebook. Your family, friends, and acquaintances were all asking the singular question “are you on Facebook?”. Over the years to follow, it would seem the entire world was using Facebook to keep in touch with family, share photos of a recent event, spy on an ex-girlfriend, or sell a used sweater. Facebook became such a staple in modern life that if you ever met someone who didn’t have an account, they were considered a little weird.

Those outliers often refused to join the website due to privacy concerns. For a long time, most of us chose to believe one of two things, either Facebook can’t be as creepy as they said or Facebook would never be interested in little old me. As time went on, those outliers were proven right as Facebook proved they could not be trusted with user data — other than make huge wads of cash from it.

As history tends to repeat itself, Zoom appears to be following in Facebooks footsteps. Just as Facebook filled the need to asynchronously keep in touch, Zoom is filling the need to synchronously keep in touch. In true Facebook fashion, everyone knows one person who refuses to download or use Zoom for privacy or security reasons. And, just like Facebook - they’re totally justified.

In the last 12 months alone, Zoom has had numerous vulnerabilities exposed and privacy concerns reported. A hidden web server that would automatically join a Zoom meeting with the click of a link1, a shady pre-install script to bypass admin authentication2, and their unorthodox definition of end-to-end encryption3 are just 3 examples in recent time.

No software is without bugs, even the best companies can be found with a security vulnerability from time to time. The disturbing pattern at Zoom, however, is that their security vulnerabilities don’t come from mistakes or accidents. Instead, they come from a conscious decision to bypass security in the name of seamlessness and product differentiation4. They’re trying to get around all the safeguards other companies and industry experts have placed to protect the users and their data. This behaviour casts a dark shadow over Zoom, both as a product and a company and is very reminiscent of Facebook. They don’t have trouble with security and privacy — they have trouble with getting caught.

  1. Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website! ↩︎

  2. The ‘S’ in Zoom, Stands for Security ↩︎

  3. Move Fast and Roll Your Own Crypto ↩︎

  4. Zooms official response after the 2019 report uncovering their hidden web server ↩︎