On Zoom

7/10/19: I do not use Zoom. Zoom installing a hidden web server that would could automatically launch video calls and would not get uninstalled with app, in fact it seems it would stay active and automatically install the app upon clicking on links to zoom calls. This is forcibly fixed by an Apple silent update (normally reserved for malware). The lax attitude to security does not bode well for the future.

Update 3/27/20: Zoom sharing data with Facebook without letting users know, and even for non-Facebook users; and Zoom attention-tracking, and how admins can track users. This was fixed in the iOS app (my understanding is that only the iOS app was tested for this leak; not sure if the findings apply to the app other platforms).

Update 3/30/20: haven’t had time to read carefully about this alleged bug in Zoom that allows stealing Windows passwords 

Update 4/1/20: Zoom redefines the meaning of end-to-end encryption. I haven’t read this report of two more security bugs carefully either, but does not look reassuring; at least some changes to the macOS installer that avoided asking for an admin password have been implemented (4/2/20).

Update 8/4/21: Apparently Zoom cannot redefine the meaning of end-to-end encryption, and is being forced to pay $85 million in damages to users for lying and sharing data without consent.

Leave a comment

Your email address will not be published. Required fields are marked *

Designed and hosted by Prisma Analytics Inc.