Not long ago, Zoom was just a pedestrian app used by a handful of distributed companies for video conferencing. Now, even governments conduct meetings on it; schools use it as a virtual classroom, and some people even have sex parties on it.
As a result, Zoom stock has doubled since the start of the coronavirus crisis—investors have been betting that it remains a mainstream corporate tool in the aftermath.
But that initial enthusiasm is fast fading, because Zoom has been facing increased scrutiny over customer privacy. Recently, there have been daily revelations over what it does with users’ data, and its controversial attention-tracking feature. On Tuesday, a new report revealed that Zoom‘s claim to the most private form of internet communication, end-to-end encryption, is unjustified.
Zoom’s lack of privacy
Zoom, is in fact, using its own definition of end-to-end encryption, according to an investigation by The Intercept news site. It’s one that lets Zoom itself access unencrypted video and audio from meetings.
The encryption that Zoom uses to protect meetings is TLS (transport layer security). It’s the same technology that web servers use to secure HTTPS websites, and it means that, while content is private from anyone spying on your Wi-Fi, it’s not private from Zoom.
But that’s not the only privacy infringement Zoom’s been accused of. On Tuesday, it was also revealed that hackers can steal passwords through Zoom’s Windows client. Cyber experts warn that the app allows bad actors to access email account passwords simply by clicking a link sent over web chat because of a security flaw.