My Opinion on Zoom

15. May 2020 • edited 26. May 2020

TL;DR: Do not use Zoom at all! If you have to: Use it on iOS or in the browser.

Nowadays we use lots of video conferencing to practice physical distancing. A major player in the field is Zoom. One reason for that is their good software quality, at least on the surface, because the inner software quality does not seem that good. Zoom has had a fairly long track record of security issues in its desktop clients for years. I will not list them here. You can google this yourself. If you work in the security field, then you know what I mean. They also had some problems with privacy and GDPR compliance.

Yeah, but They Fixed the Software

Yes, indeed they fixed the software and closed some of the publicly known security issues. Despite that, there are rumors about zero-days being traded on the dark net. There is also an analysis by a security researcher who took only a quick look at the macOS and Windows clients: Things look black!

So What Is the Problem

It is the habit of the company and its management. I do not claim that software must be bug-free. As a software developer I know that this is impossible. And of course other video conferencing tools have also had, and will have, security issues. But the difference here is that Zoom seems to act only if there is a public shitstorm in the media. It also looks like the whole architecture of the software is quite quick and dirty. In my opinion it seems that making money is way more important than secure software architecture. This is not good! We saw this at Microsoft a long time ago. Remember Windows 95 and the versions after it. To this day Microsoft still carries this burden of ignoring secure architecture in favor of making money, and we all pay for it day by day.

And it is even less good in the current situation. I saw a lot of people say things like: “Ok, but it’s Corona and we need a working tool…” I understand that, but it is definitely not a good idea to defer security, because the ransomware guys will not wait until Corona is gone. You should not give a company like Zoom your confidence and encourage their bad practice.

Published under THE BEER-WARE LICENSE.