News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Zoom: Is it safe?

    Posted on Tracey Capen Comment on the AskWoody Lounge

    Home Forums AskWoody blog Zoom: Is it safe?

    Viewing 21 reply threads
    • Author
      Posts
      • #2263435 Reply
        Tracey Capen
        AskWoody MVP

        SOCIAL NETWORKING By Lincoln Spector Have you noticed that the start of every article about Zoom suggests that it has quickly turned into the most nee
        [See the full post at: Zoom: Is it safe?]

        3 users thanked author for this post.
      • #2263456 Reply
        woody
        Da Boss

        I echo Lincoln’s conclusion: In spite of the problems, I, too, am sticking with Zoom – for precisely the reasons he mentioned.

        1 user thanked author for this post.
      • #2263460 Reply
        Ascaris
        AskWoody_MVP

        The reports of the hidden web server (meant to bypass security measures) that came along for the ride on the Mac Zoom client is most troubling, and the way that the iOS version reported data to Facebook (which has no dog in this hunt at all) is concerning too. They also lied about having end-to-end encryption on Zoom chats.

        These things call into question the ethics of the developers, in addition to the technical lapses that make “Zoom bombing” and such possible.  It’s annoying that such a shady product has “zoomed” to the market share they now have in spite of everything.

        There’s two general kinds of risk that Zoom seems to present. First is the risk that installing their software will bring along bits you didn’t count on… which is the definition of a Trojan horse, a kind of malware. Those kinds of things, according to the linked article, are limited to the Apple versions of the client, but if the company is unethical enough to put the stuff in Mac and iOS versions, there’s no saying they won’t do it with versions for other OSes.  It seems unlikely that the versions of Zoom for non-Apple OSes have these kinds of things in them now, since all of the hoopla about Zoom security surely has attracted the attention of security researchers.

        The second kind of risk is that the meeting itself could be insecure.  I was aware of that possibility when I was invited to a Zoom meeting less than a month ago, which I accepted. Nothing that either of us said was a secret, and I would not have used it for any sensitive topic.  The other kind of risk, that the Zoom client came with malware, hasn’t as yet been reported in the Linux version, but that doesn’t mean it’s absolutely not there or that a future version of the client might not include something malware-ish.

        If Zoom wants to offer its services as a legitimate software developer/service provider, it should not be necessary to resort to these underhanded tricks. Legitimate software doesn’t use them.  It’s easier to lose trust than to gain it!

        As for whether I will use it going forward… Well, I really can’t say. I didn’t expect to use it the time I did.  Will I get another invitation that I want to accept?  I can’t say.  I’ve only had two occasions to do videoconferencing during my lifetime (the first was in 2018), so it’s not exactly a regular thing. I’ll have to evaluate the invitation if and when it arrives, as I did with the one I accepted.

        Group "L" (KDE Neon User Edition 5.19.2).

        8 users thanked author for this post.
        • #2264068 Reply
          anonymous
          Guest

          I will continue to use it as well for “lite stuff”.

          It’s not that I’m not familiar with virtual meeting software. While in support at Big Red, we had group meetings using either Cisco’s corporate collaborative software, or the old Beehive Collaborator. (Gasps and feels faint!) The latter was truly one of the worst and least intuitive thing ever, ever, to setup. In no way, shape or form, could a lay person use this. Even the Cisco Go-to-Meeting is not easy to use. I can’t expect an elder relative or someone non-technical use this.

          Anyway, is Skype any better? I’m not so sure. For awhile I used Skype, and I always found it to be a network hog, and ate system resources like crazy. Then after Microsoft bought it I ended up with stalkers every time I accessed my Outlook email because of how it integrated with my contacts. These weren’t real stalkers, but people would bug me as soon as I checked my email, which I did and continue to do multiple times a day. After that annoying thing, I ripped Skype out of Windows, and canceled my account.

          In 2017 I started virtual piano lessons with a gent in Belgium and he introduced me to Zoom. From that point on, Zoom is my meeting software for our monthly Patreon calls and for my virtual railroad friends I assist with for their technical issues. We share desktops and I show them my latest work, and vice versa, and I assist them with technical issues.

          I agree Zoom’s roughshod approach to issues and poor development practices definitely needs addressing, but for casual use, this is fine. Shame on them and they truly need to be called to the carpet for that.

          On a scary note, if anyone uses their “secure” meetings, you’ll notice a password directly in the URL. Yes!

          Example: (x’s to remove meeting id for security)

          From generated link a previous meeting I had:

          https://zoom.us/j/xxxxxxxx?pwd=WDN2OHlqbTNYaG44SnFvQ2swZEp2QT09

          If you use the Zoom client software, and not the weblink, put in the meeting if, and then copy and paste the password shown into the password field.

          No wonder hackers have been getting in. Intercept the link, and the hacker can get in!

          Having worked in the IT field, this made my hackles bristle up!

          1 user thanked author for this post.
      • #2263465 Reply
        nantucketbob
        AskWoody Plus

        A security expert told me this past week that after Zoom announced its security updates, he found downloaded conversations on the web, including one of a psychiatrist and his patient. Zoom is dangerous except for the innocuous uses where privacy does not matter.  Even still, probably everything goes to a server in China where it can be culled for useful information on how our country operates.

         

        1 user thanked author for this post.
      • #2263470 Reply
        vietmedic68
        AskWoody Plus

        I don’t trust Zoom for all the reasons mentioned in the article.  But for face to face contact with relatives why wasn’t Skype mentioned as an alternative?  My wife’s father is 88 years old and pretty computer literate so we need to make contact besides phone calls.

      • #2263474 Reply
        Will Fastie
        AskWoody_MVP

        My interpretation of this article is this:

        Q: Is Zoom safe?

        A: Naw, but go ahead and use it anyway.

        Maybe it’s just me, but I find this unsatisfactory.

        AskWoody is the heir to Windows Secrets. I believe Secrets would have assumed Zoom was plutonium and issued strong warnings until it became so evident as to be obvious that there was enough lead between us and the danger. I think Zoom has yet to meet that burden and until its safety can be firmly established, it should be considered radioactive.

        In addition, suggesting that it’s not that bad because everybody does it is very poor reasoning, to be kind.

        The only way to send a message to Zoom and, by extension, other similar services is to strangle Zoom by not using it. The fact that some of our public institutions have resumed with Zoom is not encouraging.

        Will

        4 users thanked author for this post.
        • #2263484 Reply
          woody
          Da Boss

          Funny you should mention that. Lincoln Spector, the author of this article, was one of the main contributors to Secrets – and all of us on the editorial board spent years there.

          I don’t use Facebook any more, largely for the same reasons. But when my son’s teacher wants to hold a class with Zoom, I don’t mind.

          Would I initiate a teleconference with Zoom? Possibly. Depends on whether it needs to be secure. But I certainly wouldn’t use Skype or Teams – far, far too many technical problems.

          2 users thanked author for this post.
          • #2263913 Reply
            KhunRoger
            AskWoody Lounger

            “But I certainly wouldn’t use Skype or Teams – far, far too many technical problems.”

            Glad that my “Computer group” in Phuket, Thailand and Vancouver, Canada is not the only one that had problems with Skype, but we’re all set now. We tried Google Hangouts, WhatsApp and Skype, but didn’t try Zoom as someone said it timed out after 40 minutes.

            Thanks to the local lockdown, the group “meets” every Sunday at 10am, Thai time. The group’s name is “WoodysPhuket”. I forget why.  😉

            Nil illigitimi carborundum

            1 user thanked author for this post.
            • #2263922 Reply
              woody
              Da Boss

              Whoa! That’s GREAT!

              Hope all is well. I hear that Phuket handled the virus much, much better than most places.

              • #2264772 Reply
                KhunRoger
                AskWoody Lounger

                Yes, thanks. Thailand, Phuket and Rawai are doing pretty well…

                Rawai-Mask-Notice-1

                Nil illigitimi carborundum

                Attachments:
      • #2263482 Reply
        b
        AskWoody Plus

        SOCIAL NETWORKING By Lincoln Spector

        Even Windows has been dubbed “malware” (Computer World article).

        Computerworld uses a strange definition of malware:

        Sure, it isn’t malware that’s designed with a malicious purpose.

        • #2263485 Reply
          woody
          Da Boss

          Preston was writing four years ago about the way MS was pushing itself — with a great deal of stealth. “X” out of a dialog box and boom! you get a new version of Windows.

          I hope we’re beyond that stage now.

          In general, malware is in the eyes of the beholder, eh?

          1 user thanked author for this post.
      • #2263489 Reply
        Will Fastie
        AskWoody_MVP

        Funny you should mention that. Lincoln Spector, the author of this article, was one of the main contributors to Secrets – and all of us on the editorial board spent years there.

        I don’t use Facebook any more, largely for the same reasons. But when my son’s teacher wants to hold a class with Zoom, I don’t mind.

        Would I initiate a teleconference with Zoom? Possibly. Depends on whether it needs to be secure. But I certainly wouldn’t use Skype or Teams – far, far too many technical problems.

        Sure, I know the history and you know I do. What I’m saying is that there is a difference between plutonium and “go ahead and use it.”

        If your son is in private school, that may be safer. But if public school, that means government and that’s when the privacy bells start to go off for me.

        Lincoln’s suggestion to use the phone is the most sensible piece of advice.

        1 user thanked author for this post.
        • #2263500 Reply
          woody
          Da Boss

          He’s very much in a public school. 🙂

          1 user thanked author for this post.
      • #2263525 Reply
        Cybertooth
        AskWoody Plus

        Skype started out as a peer-to-peer communications platform. Then Microsoft bought it and started routing the contents of calls through its servers, so I stopped using it.

        Is there any reliable P2P video chat software still around?

      • #2263532 Reply
        sieler
        AskWoody Plus

        Hi,

        I developed a program, zoomback, that lets you bulk load virtual backgrounds into Zoom.

        This can be very useful when you’re looking at trying out dozens of backgrounds!

        It also can display information about your Zoom database … including your call history.  (Note: call history is tracked for you only if you have done recording withing the call, sadly.  I’ve asked Zoom to change that…no response!)

        The program is available, free, for Windows, Mac, and Linux (at least, 64-bit openSUSE).

        It makes a backup copy of your Zoom database before touching it the first time, just in case.

        It must, however, be run from the “command line” (Windows: shell  or command.exe; Mac: Terminal).

        It’s at http://www.sieler.com/zoomback

        Stan

      • #2263542 Reply
        Will Fastie
        AskWoody_MVP

        Skype started out as a peer-to-peer communications platform. Then Microsoft bought it and started routing the contents of calls through its servers, so I stopped using it.

        Is there any reliable P2P video chat software still around?

        I think server middleware was in place long before Microsoft anted up. Something in the middle is needed for group calls.

        • This reply was modified 1 month, 2 weeks ago by Will Fastie.
        • This reply was modified 1 month, 2 weeks ago by Will Fastie.
        1 user thanked author for this post.
      • #2263553 Reply
        Alex5723
        AskWoody Plus

        Is there any reliable P2P video chat software still around?

        Yes, Apple’s FaceTime.

        2 users thanked author for this post.
      • #2263644 Reply
        anonymous
        Guest

        My wife is a 4th grade teacher and her district went with Zoom for off campus learning due to Covid 19. I think the whole concept is a mess and not intuitive and very unreliable. I think the company had not planned for such a dramatic increase in demand, but they also clearly did not develop the system with a lot of thought on security, compatibility, stability and support.

      • #2263679 Reply
        T
        AskWoody Plus

        It seems to me your acceptance of something like zoom correlates with your acceptance of things like open mics to massive tech companies in your house, using a data slurping OS like windows 10, putting all your data eggs in one G shaped basket etc. What i mean is, you start accepting those then what’s one more data slurping little gadget, right?

        Personally, i’ve not used it and am unlikely to at this point and as a consequence i have isolated myself more than i should have but i just don’t trust them. I refer to bruce schneier on this matter and while they may have slightly improved their privacy and security policies since getting so much bad publicity i still don’t trust them until i’m given a good reason why they deserve it.

        https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html

      • #2263821 Reply
        WSdplautatjhhs
        AskWoody Lounger

        Use Jitsi. It is open source and scrupulously reviewed for  security issues. Simple enough that my wife’s prayer group uses it w/out my help.

        1 user thanked author for this post.
      • #2264007 Reply
        jrhmobile
        AskWoody Lounger

        No, Zoom is not safe. Not by any stretch of the imagination.

        And as security issues, both by flaw and by design, are constantly being discovered and Zoom developers keep responding with sh– uh, shoot, sorry – it makes me wonder what they haven’t shared about what’s wrong under the hood. Zoom’s steady and ready stream of shoot, sorry responses tells me there’s still a lot more to come.

        Sure it’s easy to use – once the software is installed, even Grandma can click on an email link provided by the host and join the party. Which is why every Grandma and Grandpa on Earth is asking me install it for them and show them how to connect Zoom with their friends and family. Even after I tell ’em of the known and unknown security risks of using it.

        If they insist, I’ll do that. That’s my job. But only on their systems. Not mine. Not ever. And if they want to learn how Zoom works, I’ll only do it if they arrange for both sides of the teleconference with someone else. I want no part of it. To the degree that I use remote software to troubleshoot problems through a secure vendor-supplied service.

        In short, Homey don’t play that.

        1 user thanked author for this post.
        T
        • #2264238 Reply
          T
          AskWoody Plus

          It reminds me very much of facebook’s weasel apologies over the years when they’ve unrolled one or other privacy busting features and they’re all “we went too far this time” or “this wasn’t in keeping with our core values” while never quite rolling back the privacy invading feature creep to where it was before. I will just not risk installing the zoom client on my machine and finding out down the line that it’s opened up some backdoor port even after the client is uninstalled because on the face of it it appears they are either incompetent when it comes to the tech (advertised as being p2p encrypted but not) or there is a huge communication problem between the pr and tech departments. It’s good they are getting this level of scrutiny due to the finger of fate somehow choosing them as the pandemic streaming app of choice but i am not yet convinced they know what they are doing.

          • #2264264 Reply
            Ascaris
            AskWoody_MVP

            I will just not risk installing the zoom client on my machine and finding out down the line that it’s opened up some backdoor port even after the client is uninstalled because on the face of it it appears they are either incompetent when it comes to the tech (advertised as being p2p encrypted but not) or there is a huge communication problem between the pr and tech departments.

            A port is held open when some process is listening for network traffic, and that’s just what Zoom did on the Mac client. It installed a server to listen (presumably on port 80 or 443, since they called it a web server) and which could then be used for Zoom to reinstall the client without any effort from the victim. After they were caught, they did the customary “aw, shucks,” which is looking like a very rational thing to do, given how often the likes of Microsoft, Google, and Apple get away with it. I think they’re all probing the perimeter fence like the dinosaurs in Jurassic Park, looking for a weakness, seeing what people will tolerate, and trying to condition them to accept that any software they use will have its way with your computer or phone (so why fight it?).

            The good news is that Zoom’s name has been dragged through the mud so much that they have a lot of eyes on them, and any such shenanigans are a lot less likely to go undetected than they once would have. So far they have managed to weather the storm without their name being tarnished to the point of no return (as “Vista” once was), but that could change in an instant if any more unethical behavior is noticed.  Malware-slinging is a bottom-feeder game, and with the kind of success they’ve had, they don’t have to be wallowing in the grime like that. One would hope they’d recognize that and “go legit,” but whether they will remains to be seen.

            Group "L" (KDE Neon User Edition 5.19.2).

            1 user thanked author for this post.
            T
      • #2264111 Reply
        anonymous
        Guest

        I have been “Hosting” a corporate “Enterprise” Zoom account for 2 months with an average of 6 meetings a week. ALL meetings consist of ONLY non-confidential discussion. I have not seen any unusual use of computer resources, and scans have not even turned up any “pup’s”.  So far it has been a smooth, indecent-free experience. I have received no warnings or comments from headquarters regarding any negative feedback from the other “Hosts”. That is my experience so far. I hope yours will be pleasant as well.

      • #2264187 Reply
        anonymous
        Guest

        Hello,

        I do not see a solution here? I’m trying to have zoom calls, and have downloaded the latest camera update and it worked for a while, but no more. Zoom is listed as a Desktop App that is not affected by the On/Off setting under Allow Desktop Apps to access your camera.

        Is there a work around for this? Windows 10, v1909.

        Thanks!

        Gingersnap

      • #2264536 Reply
        anonymous
        Guest

        If you wish to look further into Zoom security, this article from the horses mouth published on the 20th May be of help.

        1 user thanked author for this post.
      • #2265379 Reply
        Sueska
        AskWoody Plus

        My observation of using ZOOM for the first time.
        Downloaded the exe on my main Win 8.1 PC, but decided to use another PC for the zoom event. In confirming the detail properties of the exe to make sure I had the newest version, I accidentally (?) triggered the installation. The UAC displayed and I selected “No” to not install but the zoom installation proceeded. Next I attempted to cancel the zoom installation by clicking the Red X of the zoom installation dialog box, but the installation proceeded. Took a while, but eventually removed all traces of the installation; the program itself installed in the app data folders and my firewall settings were changed to allow zoom. This was annoying since I did not want to install ZOOM on my main PC.
        On the protected PC that I planned to use for my zoom event, I downloaded a fresh zoom install and found that UAC was again ignored and it was impossible to stop the installation once started.
        Rebooted to revert changes (using deep freeze software) and re-installed normally. About 30 minutes into our meeting, I was advised that their was a new version would I like to install it. (Selected no). Later as the meeting ended I was advised by a zoom popup that after May 30th encryption will be included in all new zoom downloads, do I want to install it now.
        When the meeting was over, I rebooted to revert all changes.
        The meeting code and password were in the url.
        Other than that easy as pie to use. Yes, will use again as long as I can wipe all traces of it away when finished.

        2 users thanked author for this post.
      • #2273914 Reply
        Nathan Parker
        AskWoody_MVP

        Zoom has added end-to-end encryption for free users, so that’s good news:

        https://www.macrumors.com/2020/06/19/zoom-end-to-end-encryption-available-to-all/

        I have to use Zoom at my school for live classes. For work, I generally have to use GoToMeeting or GoToWebinar with customers, and Microsoft Teams for employees.

        I also have a free Cisco WebEx license, and I just provisioned a paid Microsoft Teams license with a test Microsoft 365 Business Basic account I setup.

        If I need to meet with multiple users, I’d probably use my paid Microsoft Teams account since it’s included in my Microsoft 365 plan and I don’t have to pay extra.

        Nathan Parker

        1 user thanked author for this post.
      • #2273933 Reply
        Cybertooth
        AskWoody Plus

        This clinches it for me.

        Initial trials with Jitsi Meet have yielded promising results and I may be recommending its use to everyone we might chat with online. Using it appears to be pretty straightforward, as you don’t need to create an account or install anything: you just enter a meeting name, send out the resulting URL, and conduct the meeting via your browser.

        If anyone knows of privacy/security issues with Jitsi Meet, please give a shout.

         

        • This reply was modified 2 weeks, 1 day ago by Cybertooth. Reason: typo
        2 users thanked author for this post.
    Viewing 21 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Zoom: Is it safe?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.