Zoom Has Privacy Issues, Here Are Some Alternatives

Worried about getting Zoombombed? Here are some privacy-facing services to check out while you're WFH.

AccessTimeIconApr 6, 2020 at 6:00 p.m. UTC
Updated Aug 19, 2021 at 1:40 a.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Zoom, the popular-by-necessity video conferencing platform, has seen an explosion in users as the coronavirus pandemic forces people to work from home. In a recent blog post, CEO Eric S. Yuan said Zoom now has 200 million users, up from just 10 million last December. 

But, with that increase in users has come greater scrutiny of Zoom’s privacy and security. With widespread reports of Zoombombing (where strangers dial in your channel with something rude and disruptive), the company’s procedures have been called into question by the New York Attorney General, and prompted a class-action lawsuit.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • The New York’s Attorney General said he is “concerned that Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network.”

    Until recently, Zoom’s iPhone app included software that surreptitiously funneled user data to Facebook. The lawsuit says the code allowed Facebook to target users with ads.  

    Zoom has been criticized for ignoring privacy before. A year ago, a researcher found four million Zoom user cameras were potentially vulnerable to remote takeover without you knowing. 

    The company is currently pausing all feature development and “shifting all our engineering resources to focus on our biggest trust, safety and privacy issues,” Yuan said. But for many users, this isn’t good enough. They’ve already lost trust in Zoom and are searching for alternatives (which we identify below). 

    “Despite its ease of use, Zoom does not seem to take privacy seriously,” said Reuben Yap, Zcoin Project Steward. “Despite claims that Zoom’s video calls are [end-to-end] encrypted, this isn’t actually the case. E2E encryption means that even Zoom should not be able to view the contents of the videos or calls.”

    “Instead, all Zoom provides is transport encryption, meaning that it is secured to the extent that outsiders cannot intercept the call and view it. This still means that we have to trust Zoom to not read or leak this info. Given its track record, I don’t have high hopes,” Yap said. 

    Yoav Degani, the founder of MyPrivacy, an app that bundles privacy protection tools such as a VPN and a password manager, said there are several privacy and security issues with Zoom. Because meetings can be recorded and uploaded to the cloud, which is not secured, people who are not on the meeting can get a recording (like your boss for example). Also, organizers can receive a text file with the transcript of the meeting chat. 

    “There's also a feature available to the meeting's host called attendee attention tracking,” said Degani. “It allows the host to monitor participants' computers and see if someone is not active in the Zoom call for more than 30 seconds.”

    You may not be officially active if, say, you put the Zoom window in the background and play some game or read some post on Facebook.

    Degani said some bad guys are taking advantage of the situation and there are dozens of websites with the name “Zoom” that all of a sudden appear in search results and advertising and are used for phishing. 

    Locking down your video

    Several people who build and develop privacy-oriented tools recommend Jitsi as a more secure alternative to Zoom. 

    Emil Ivov, one of the founders of Jitsi, said what sets it apart from other video conferencing services is its low friction. Creating a meeting is as simple as typing your name in, and it’s just one click to join. The company uses WebRTC, or Web Realtime Communications, which enables peer-to-peer video, data and audio communication between two web browsers. So on desktops there are no downloads and no accounts needed, said Ivov. 

    “We are really mindful about privacy and security,” said Ivov. “We require no personal data and fully support anonymous use. We are also open source. This is where we are truly unique. If you have any concerns about how we run our service, then you can just go and run your own! It only takes 15 minutes.”

    Being open source also means anyone can scrutinize its software. But Jitsi does not feature end-to-end encryption. 

    “For now this is simply not possible with WebRTC, although the whole community is looking into the problem and we are hoping there will soon be solutions,” said Ivov. “For the time being, however, all your data is encrypted in-flight using DTLS-SRTP [a protocol which adds encryption and ensures message authentication and integrity] as per the WebRTC standard. None of your media content leaves your computer unencrypted.”

    Jitsi is one more secure alternative, and another includes Whereby. One big drawback: Users are limited to four meeting participants in the free version.  The Pro version of Whereby is $9.99 per month, and allows up to 12 participants per room in up to three meeting rooms.

    Other one-to-one alternatives include Facetime, which does have end-to-end encryption, as does Signal, the privacy-focused messaging and call app. 

    “Products and services can be built to be both convenient and to protect privacy by design at the back-end,” says Raullen Chai, CEO of IoTeX, a Silicon Valley company that develops privacy-protecting smart devices. “Then you don’t have to worry about whether or not you trust a centralized party because it is built in what can and can’t happen with your data, returning control to the consumer. Blockchain-based key issuance allows for true end-to-end encryption without having to trust a central provider to not keep a key for themselves.”

    Take all this into account, and it’s just one more indicator that yes, that meeting could probably be an email. As long as it’s one sent securely, that is. 

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.