Hello from the “Tech Lead” for Global Voices! Given the whole situation with COVID-19, and the migration of whole societies into online work, apps that enable us to connect virtually are getting a lot of attention, especially Zoom, a paid videoconferencing app that has exploded in popularity since the pandemic began. The point of this post is to explain how and why GV continues to use Zoom for our work, and to answer some of the privacy and security concerns that have been brought up in the media and by concerned GVers. I'll apologize in advance for how long this document got! I just wanted to answer all concerns as carefully and thoroughly as I could.
TL;DR: The information below is an elaboration of the recommendations in our Communication and Safety Guidelines, where our suggestions for video chat put Jitsi as the ultimate in private video conferencing, but also recommend Zoom for larger meetings (which Jitsi doesn't support) and for situations where privacy is not a top priority. For dealing with safety concerns related to Zoom, our approach is to take advantage of the security tools already baked into Zoom, as described below.
Who decides GV's policy for questions like this?
GV has an “Infosafety Working Group” composed of myself (Jer the Tech lead), Georgia Popplewell (the Managing Director), Mohamed ElGohary (the Lingua Manager) and Maryalice Quinn (the Finance & Administration Director). Part of our job is to figure out recommendations for software and tools both in terms of how we use them internally and in general.
We’ve been looking carefully at the Zoom situation and have been discussing it on our bi-weekly calls. The information below represents our conclusions about video meetings and the safety problems Zoom has been facing lately.
Zoom isn't end-to-end encrypted
We definitely care about the exposed inaccuracy in Zoom’s claims about end-to-end encryption. It turns out that their claims of end-to-end encryption (“e2e”, implying complete privacy, even against wiretapping) were either lies or a very stupid mistake. As of writing, Zoom calls are still not end-to-end encrypted (the video is theoretically visible to them on their servers). Our conclusion on this subject is that Zoom should be ashamed of this error, and they should be held accountable for such a glaring technical mistake in their marketing.
Unfortunately, this is a problem shared with our “more secure” recommendation Jitsi, who also had a scandal in an extremely comparable way when it was discovered that Jitsi calls with more than two participants are not end-to-end encrypted. As far as we know, all videoconference platforms that support large groups share this limitation, so there’s no real alternative in this space at the moment.
If a call is sensitive enough that it absolutely requires full end-to-end encryption, then our recommendation is to use Signal for a one-on-one call or chat.
Call privacy and “Zoombombing”
“Zoombombing” is a new word that refers to situations where trolls or other toxic individuals join Zoom calls where they aren't welcome and harass participants, often by abusing in-call features like screen sharing to force others to watch disgusting materials with pornographic or racist content. The phenomenon relies on the default setting of Zoom meetings being open to anyone with the meeting URL, thus allowing trolls to easily enter calls and even return easily after being removed. Zoombombing is a real problem and can be very upsetting for targeted individuals.
Zoom is an open platform, open even to trolls
One thing that's important to remember is that this problem stems from a very useful feature of Zoom: The fact that you are not forced to create an account or log in to participate in a Zoom call. Anyone can join anonymously, like with Jitsi, which is a very good thing! But the downside is that anyone can join, and we are forced to deal with moderation problems that could theoretically be avoided if we were micro-managing access based on logged-in user accounts.
So far, the issues around Zoombombing have not been a problem for Global Voices and our use of Zoom. Though our calls are theoretically “open” to anyone to join, this has not been taken advantage of. The reality is that the vast majority of Zoom calls do not get “bombed”, and those that do are often high-profile calls that were advertised publicly and welcome the public. For calls that welcome the public, this is an unavoidable problem, and will apply to any platform where participants can join without being individually validated.
Guessable meeting ID's and meeting passwords
In some cases, due to the nature of Zoom meeting URLs being composed of a simple numeric ID, Zoombombers were able to “guess” the ID of a meeting that was never shared publicly, and log in and harass participants. These situations are even more rare than the “bombing” of URLs shared publicly, but their visibility is very high because it is such a disturbing violation.
Zoom offers several security tools that can work to offset the risk of strangers entering your meeting, but these tools come with a very high cost in terms of usability.
Meeting passwords: Requiring a password on meetings is a lightweight solution that provides some extra security for meetings, and we have implemented passwords as part of our default procedure for Zoom. These meeting passwords only protect us from people trying to guess the numeric Meeting ID, so they are not strong security. Even with a password, the meeting URL that we share with participants contains the password, so if we share that URL too widely, someone may obtain it and join the meeting. The only way to avoid this “loophole” is to not distribute the password with the meeting URL, but this makes it much, much harder for our invited participants to join the meeting. As often happens security comes with usability burdens and it's important to find a balance. For GV's use of Zoom, we've decided that having passwords enabled, but included in the Meeting URLs that we share with participants, strikes a reasonable balance.
Waiting room: Another feature that can be used to avoid trolls is called “Waiting Room”. With this feature a meeting host is required to log in before anyone else, and then that person is required to manually review each participant and invite them into the call itself. The upside is that unwanted guests never get into the call, but the downside is that it's a huge extra burden on the host who's attention will be split between the call itself and the waiting room. The “Waiting Room” feature also has a huge downside of disabling the “Host Key” feature, which GV relies on to easily grant hosting/admin access to many individuals. Overall the Waiting Room may be a good choice for some circumstances, but doesn't make sense for GV and our use of Zoom.
The real solution: Moderation and call management
As we see it, the most effective and practical solution to concerns of “Zoombombing” is to familiarize ourselves with the in-call security and moderation tools, which are very powerful and grant the host full control over who is allowed to be in the call and who is allowed to speak, be seen, and share their screen.
A meeting may be “open”, but as soon as someone joins you are immediately aware of their presence, and if they are unexpected, you can question them as to why they joined. You can mute them or remove them easily in the Participants menu.
You can also “lock down” a call in the middle of a meeting if there are problems with unwanted people joining, or even if you are just confident that “everyone is here already”. The security menu has options to “Close meeting” (blocking new participants from joining) or to “Enable Waiting Room” (forcing new people to be reviewed manually). It also lets you enable or disable screen sharing by non-hosts, which should be disabled at times when you have participants that you don't necessarily trust.
Overall, empowering ourselves with these tools is a solution that will keep us safe from attacks if they do happen, while also allowing us to take advantage of the simplicity and convenience of “open” meetings that anyone (usually our friends) are able to join.
Personal information and privacy
They really seem to be cleaning up their act and promising never to sell our data or use it in sneaky ways, which is a good thing. Now should we blindly trust a corporation to “do the right thing”? No, of course not. But this is a good sign from Zoom, and with so many other companies actively promising to buy and sell our personal information, Zoom seems to be doing what they can to focus on providing a product we are willing to pay for, rather than treating us the users as the product sold to advertisers.
Zoom suffers from both the Apple Effect and the Windows Effect
If you’ll permit me an analogy, I think Zoom’s current explosion in popularity (going from a niche business tool to a household name and generic verb “lets zoom”) has caused them to suffer both what I call The Apple Effect and The Windows Effect simultaneously. Both of them result in a lot of “bad news” about Zoom that can make it seem like a worse product than it is, but most of which will likely resolve over time as the effects of their sudden popularity balance out.
The Apple effect applies to Zoom because they are an extremely popular tool that people pay to use because they love it. The result is that like Apple, Zoom is now being held to a uniquely high standard of ethics and product quality, even in contexts where other companies get a pass. Even if Apple is exemplary in fields like worker rights and environmental impact, because people expect them to be perfect, the media is able to make headlines out of problems that are worse in almost every other company.
As with Apple, we should continue to hold Zoom accountable for any issues that come up, but seeing as Zoom is going through an enormous growth spurt right now, there’s also good reasons to give them time to address the problems being brought to them. The Guardian called Zoom “Malware” and “a privacy disaster”, but by those standards, so are Facebook, Google, Twitter, and many others.
The Windows effect applies to Zoom because they are suddenly the default tool for their field of endeavor, and that brings the scrutiny of hackers, both those with good and bad intentions. Windows spent it’s entire life since the internet became normal fighting a mostly-losing battle against malware, largely because they were the most popular operating system. Yes there were security flaws in Windows, but it was a curse of popularity that so many people were trying to exploit them.
Zoom has entered into a similar space with their popularity, and both trolls and security experts have flocked to analyze Zoom and find problems, uncovering various large (lack of end-to-end encryption) and trivial (publicly shared Zoom meetings can be trolled by Zoombombers) exploits that embarrass the company. The thing to remember in this context is that all systems have problems, but most of them never get resolved because no one is paying attention. Zoom now has the world watching, and they are working to improve the important issues coming to them.
In the latest version of the Zoom app, there’s a new “Security” button visible by hosts. It allows you to quickly access several settings that will slow down or stop someone trying to disrupt a meeting (disable screenshare, disable users renaming themselves, kick users). This is a good sign that they are listening and trying to improve the user experience in light of the trolls and bad actors trying to hurt people using the platform.
Conclusion: GV finds Zoom useful
Coming back to the general question of Zoom and how we use it in GV. The answer of the Infosafety Working Group, at least for now, is that we will continue using Zoom for our day-to-day work and our casual socialization. None of the problems exposed recently imply that there’s a better platform that solves our problems, and the solutions Zoom is bringing to these issues shows that it’s maturing as a platform in a good way.
Zoom offers rooms of unlimited size, supports all common computer and mobile platforms, and so far their networking tools have given us the smoothest pan-oceanic calls available. If a call requires absolute privacy and anonymity, then we continue to recommend Signal, either voice or chat, as a truly secure platform, but Signal can’t even come close to offering us as an organization what Zoom does.
Exactly how we use Zoom is a separate question, and choosing the right mix of features like meeting passwords, waiting rooms, and host keys is an ongoing process. As will most organizations, GV will try to find the balance between usability and control that will benefit our contributors the most.
In the meantime, we recommend everyone hosting meetings take some time to familiarize yourself with the new Security button and menu, as well as the various user management tools in the Participants menu, which will allow you to review all participants and make sure you know who they are, and easily mute, kick out, and ban anyone who isn’t supposed to be there. These tools were there all along, but now that Zoom has become more popular, and thus targeted by trolls, knowing how to use them has become more valuable than ever.
Thank you for reading all this and those of us on the Infosafety Working Group hope you feel we've listened to all concerns and addressed them in a responsible way. It’s great that GV as an organization, and the world in general, is holding Zoom’s feet to the fire. Hopefully it will make their product both more secure and easier to use, which will benefit everyone.