In the wake of the COVID-19 pandemic, Zoom Video Communications experienced an explosion in its user base, with the platform’s average daily users skyrocketing from 10 million to over 200 million.
This significant increase in attention has led to Zoom entering the spotlight following rising privacy and security concerns discovered by security industry leaders and privacy-conscious users. As organizations continue to accommodate remote working and determine the best ways to manage a remote workforce, news about security issues regarding the applications needed to support them will be a significant concern.
In this bite-sized article we will cover:
Zoom Video Communications is an American cloud-based video conferencing company. It was founded by Eric Yuan in 2011 and is based in San Jose, California. Zoom offers free and paid tiers of its platform and attendees can join a Zoom meeting without downloading an application or making a dedicated account, making it a popular choice for convenient video conference meetings for both enterprise and personal use.
Controversies surrounding Zoom’s privacy and security issues have caused many organizations to outright ban the use of the platform. As the situation evolves and Zoom continues to work to address the discovered issues, these companies may consider allowing the platform.
Organizations That Have Banned Zoom Video Conferencing:
The phenomenon known as “Zoom Bombing” involves unwelcome users gaining access to meeting rooms and sharing grotesque content with unsuspecting users. This practice has been especially troubling for new users that have begun using Zoom to keep in touch with family members partaking in mandated social distancing throughout the COVID-19 pandemic.
How Zoom Bombing Happens:
Once inside a Zoom meeting room, the malicious hackers shout profanities and share grotesque content with meeting attendees by taking advantage of Zoom’s default settings that allow new users to share their screens. This is especially troubling for Zoom’s pre-defined and reusable Personal Meeting IDs (PMI) as users of the Free tier cannot change their PMI by default, leaving future meetings susceptible to abuse when bad actors illicitly share their PMI.
With some adjustments, Zoom is safe to use for most people as the latest influx of controversy (such as Zoom Bombing) has stemmed primarily from abuses made possible by the default privacy and security settings of the platform.
For enterprise users, security considerations for using Zoom are entirely different. Concerns surrounding claims that Zoom is not end-to-end encrypted as advertised and a formerly unpatched UNC vulnerability that had allowed hackers to steal Windows credentials have led security-conscious enterprises to question if the platform meets their cybersecurity needs.
To address the incoming wave of privacy and security concerns from privacy-conscious users and enterprise customers alike, Zoom has released a statement to its customers about the steps they will be taking to improve the security of their platform.
Highlights: What Zoom is Doing To Fix Security Issues
As the situation continues to evolve there are likely to be several new features and adjustments to Zoom’s default settings. If you would like to stay up to date with the latest Zoom security and privacy updates, the CEO and Founder of Zoom (Eric Yuan) has started hosting weekly webinars on Wednesdays at 10am PT from their website.
If security and privacy concerns surrounding Zoom have you searching for alternatives, the Zoom competitors below are suitable options for video conferencing.
Designed with enterprise users in mind, Cisco Webex provides features for teleconferencing, interactive webinars, cloud calling, and team collaboration. Their offerings have recently been updated to enhance the features of their free plan to address the need for video conferencing options following social isolation orders related to COVID-19.
Microsoft offers two video conferencing products – Microsoft Teams and Skype. Skype is best for personal video calls with family and friends, and Microsoft Teams is recommended for schools or enterprises looking for added collaboration features for remote learning and the management of project teams.
Free users of Google Hangouts can have group calls of up to 10 people. With multi-platform support for Android, iOS, and the web, the free version is suitable for small virtual social gatherings, though participants will need a Gmail or Googlemail email address to participate. The paid tier of Google Hangouts (Google Hangouts Meet) is included as part of existing GSuite subscriptions. To help businesses and schools during COVID-19, Google is offering all tiers of GSuite customers access to the video conferencing features that were previously only available for enterprise customers: up to 250 participants per call, live streaming for up to 100,000 viewers, and the ability to record meetings and save them to Google Drive.