Zoom: how to fix the problem for privacy

Zoom has some privacy and usage issues: video calls saved by users can be found via a simple web search

New storm over Zoom, the video calling app that perhaps more than others has benefited from the smartworking and e-learning boom due to the spread of the coronavirus. Once again, a major privacy issue, yet another, has been uncovered on this platform.

If you use Zoom, and record video conferences, the files of those recordings can easily be found and viewed. According to the Washington Post, among other things, some files have already been found and, among them, there would be a bit of everything: from lessons in the virtual classroom with underage students to job interviews, passing even from meetings between psychologists and patients. Everything is parked on easily accessible servers, and the files are not encrypted.

Zoom: the privacy of recorded meetings

Let's see, technically, where the problem lies. When a videoconference admin decides to record the meeting, he must also choose where to save the footage file. You can save the files on your own computer, or on the cloud. In either case, the file will have an easily recognizable name (Zoom calls all files the same, without using random letters or numbers) and the file will be "in the clear". This means that, if the admin chooses to save his files on cloud servers, those files can be easily found by anyone: just a search engine that indexes files on cloud servers is enough to find them. And just double-click on them to open and look at them.

Zoom and privacy: the developer's response

Zoom in December 2019 had 10 million users, today it has over 200 million. It is clear, therefore, that it is no longer a marginal phenomenon and that it cannot manage so "lightly" the privacy of its users. The developer responded to the criticism by stating that it is up to the meeting admin to choose where to save the recording files. Indirectly this is an advice to save them on your hard disk and not in the cloud.

Relative to other criticisms received in recent days, such as the very weak encryption applied to data transmission, in a note on its official blog Zoom said: "We are working with external experts and we will also ask for feedback from our community, to ensure that the encryption is optimized for our platform". Regarding zoombombing, however, Zoom CEO Eric Yuan admitted to CNN that he has made a few missteps and that within a week or two a password and other measures will be introduced to protect public meetings from jammer intrusion.