Author: Siggi Bjarnason
Is Zoom Secure?
In today's era of social distancing and bans on large gatherings, it seems everything has gone online, and video conferencing has exploded in popularity. Video conferencing provider Zoom has seen it's customer base absolutely explode. Some say that they grew from 10 million users to 200 million users in less than three months. This brought a lot of scrutinies, and everyone seemed to write about the security of their product or lack thereof. Some brought up valid concerns and issues which I felt were addressed quickly by the company. Other brought up issues I felt were such corner cases that there were only specialized usage scenarios that they applied to. Then others seem to be merely piling on for the sake of piling on because everyone else was doing it.
As someone who's the main occupation is Principle Cybersecurity Engineer for a major cellular carrier, I feel Zoom is now the most secure video conference provider. My reason for this assessment is partly based on the truism "absence of evidence is not evidence of absence." I mean by that, a product that has received a great deal of scrutiny and responded positively to the spotlight like Zoom has I feel is much more secure than a company that no one has inspected. Companies that react to security notices with lawyers and lawsuits are the scariest companies to me. This is why I continue to recommend Zoom, despite others being afraid of them.
You may be asking, "but what about Zoom declaration that they are working with law enforcement." To that, I point out that they specifically said this concerning their free account offer. I believe this was either a misguided attempt to encourage users to upgrade to paid accounts or to discourage organized crime and low-end violent criminals from using their free account to organize their crime sprees. I also point the reader to read up on The Communications Assistance for Law Enforcement Act (CALEA). It is my understanding that all video conference providers are classified as a telecommunication provider under this law and are thus required to work with law enforcement and provide them with an interception when supplied with a valid request.
How to protect your privacy while using video conferencing
There are two main concerns regarding privacy when doing video conferencing, visual privacy, and location privacy.
The first thing to realize in terms of visual privacy is that while the service is called video conferencing, there is no technical requirement to use the video camera. I have yet to see a video conferencing solution that does not allow you to turn off your video camera. They usually offer an option to have the camera turned off by default.
As you are joining Zoom on Windows computer, you have the option to turn off your video before even joining. Here is a screen shot of this option
If you feel pressured to turn it on and feel you can't be honest, telling people your webcam isn't working has a high chance of getting people to back off.
For extra safeguards in case you forget to turn it off, a webcam cover like https://smile.amazon.com/gp/product/B00Q1UHD6C/ works great.
If you want to turn on your camera but not reveal your face if you set up strong light behind you pointing towards the camera and little to no light in front of you, then all the webcam can pick up is your silhouette. This may require some experimentation to get right.
About the Author: Siggi Bjarnason is a seasoned, experienced, and dedicated cybersecurity professional with nearly 25 years in professional computer experience and online expertise that dates back to the early 1990s. Siggi us the founder of Infosec Help & author of the book "Your Safety and Privacy Online: The CIA and NSA" available on Amazon.