(or Zoom choices are what got them in trouble)
(opinions are mine and not DEV's)
A (mild) defense of Zoom Inc.'s troubles
Let me start...
For further actions, you may consider blocking this person and/or reporting abuse
Thanks for the detailed resume of all this Zoom situation.
I have never used it and I wasnยดt really understanding some things like how it was so easy to find these open Zoom meetings.
Guessable ids and file names?? Really?? That is like the Web security 101 :(
I guess Zoom never expected to be so widely used outside of the corporate environment. Still, these are pretty serious security issues.
I was also surprised by all this sudden Zoom adoption. I mean, it had a niche usage before. Why not Hangouts or Skype/Teams for example? Not saying these are better, but I thought they were more known by the general public. And schools etc probably are already using Google or MST services internally.
I'm not familiar with Microsoft Teams, but Skype requires users to register, Zoom doesn't. You could literally hop in in a meeting in a few seconds, now it takes a little bit longer as the installer is a regular one but still you don't need to have an account.
Also, do Skype or Team have URLs for meetings? That's a huge factor in adoption, people can send each other meeting rooms and not have to coordinate by who calls whom, as in video within chat apps like WhatsApp
There's also a big mentality of "I use this for work, it's free, let's use it for other things.". Zoom has a huge usage share in business for a number of reasons (aside from what you mentioned, they also let you record meetings, which a number of other options can't do without using screen-recording tools).
Yes, recording meetings is definitely useful, especially in distributed companies
Zoom has gotten what must be a few million dollars in free penetration testing services at this point. They're going to come out of this as the most secure video platform out there. None of these issues are unique to Zoom - if anyone looked at Hangouts, WebEx, or Teams I'm sure they'll find extremely similar issues.
What I look at in these scenarios is the company response, and zoom has done a great job communicating to the public and putting in fixes. I'm going to continue using them as my primary platform.
Ah ah probably, I actually read someone complaining that Zoom doesn't have a form bug bounty program. Don't know if they actually do or not.
Probably, that's what I hinted at in my conclusions. Throwing around alternatives without actually understanding in what they are an alternative for it's not going to help much. That's why I'm waiting for deeply researched comparisons between services.
As mentioned by the team at webrtcH4cKS doing e2e with video is hard.
I'm a bit wary of companies that become good communicators after they have been put in the spotlight but yeah, they are working around the clock to fix the issues.
Let's hope you're right and they come to the other side as the most secure video platform, as their video and call quality is rock solid!
I was surprised to find Zoom growing its user base due to the current world situation. Google Hangouts has been there for so long, and it has always sat with me better. Perhaps Hangouts being the product of big bad Google drove people to seek for alternatives and they found Zoom?
Anyway, I've been satisfied with my company using Microsoft Teams with its smooth group video, whiteboard, and text chat capabilities.
To be fair lots of users use Hangouts. I think a combination of word of mouth, easily shareable URLs and the lack of the requirements of having to have an account helped a lot. Also, its quality and its web client.
Don't know how better it gotten but I remember how two or three years years ago I couldn't use Hangouts from Firefox.
I'm always surprised that going public financially isn't the moment where it's no longer acceptable to put growth so far ahead of security in priority.
Given what I know about pressures to grow and grow and grow and make more and more and more money, I'm not actually that surprised, but it's just kind of ridiculous.
IPO is a milestone on growth, but orthogonal to security. It would be rare for an IPO adviser to offer security advice too. Moreover, with all the financial crisis and what not, it is clear the whole financial sector is not so attentive to security and integrity.
I really enjoyed this read @rhymes . ๐
Thanks Nick!
I use Zoom and love CyberSecurity so this was quite an enjoyable read for me.
Thanks Andrew, I appreciate it. It took a while to write ๐
very well written article, thanks!
Damn !!
Thanks for the explanation
on a side note we have a FOSS alternative : jitsi