Zoom – better not

Last two weeks, a lot was written about Zoom. It is not the first time that this company is in the spotlight – at least in the mac blogosphere. The last time it was due to an web server installed (via Daringfireball) and never removed when Zoom was uninstalled.

Now it is an abused installer, installing the application in the preflight step and not informing the user about this. Apparently, it is now fixed in the meantime (via Techmeme).

The biggest issue I have is the wrong statement regarding end-to-end-encryption (via daringfireball) of group chats.

When a host starts a meeting with the “Require Encryption for 3rd Party Endpoints” setting enabled, participants see a green padlock that says, “Zoom is using an end to end encrypted connection” when they mouse over it.

Asked why it is called End to End Zoom answers with this:

“When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” the Zoom spokesperson wrote, apparently referring to Zoom servers as “end points” even though they sit between Zoom clients.

But this is pure spin. The term E2E encryption is clearly defined. And when you use it, you cannot make up a new definition on the spot! As everybody will just understand the original meaning.

At least the company is working on making things better (via techmeme). At least the second part of this posts list changes and fixes for most of the issues reported, but still, why implement user tracking into a tool in the first place? Especially when it is for corporate use where the security requirements are normally higher as well. So I don’t quite buy the statement here:

First, some background: our platform was built primarily for enterprise customers – large institutions with full IT support. These range from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities, healthcare organizations, and telemedicine practices. Thousands of enterprises around the world have done exhaustive security reviews of our user, network, and data center layers and confidently selected Zoom for complete deployment.

Here is a link to uninstall Zoom cleanly, and here are some alternatives.

And some additional writing about the software:

• Zoom linkedin data (via techmeme)
• Sending user data [german]
• Leaking Emails
• Local security issues

• /security
• /videochat
• /zoom