Tag Archives: zoom

Zoom Settles Lawsuit Over “Zoombombing”

Zoom has agreed to settle a lawsuit over “Zoombombing”, The New York Times reported. More specifically, Zoom Video Communications has agreed to pay $85 million and improve its security practices to settle a lawsuit claiming it violated the privacy of its users.

As you may recall, Zoom became exceedingly popular when businesses turned to “work from home” and schools shifted to remote learning. Unfortunately, hackers decided to engage in “Zoombombing” by accessing Zoom conferences they were not allowed to enter. The hackers posted things that were inappropriate for the group who was in the Zoom call.

According to The New York Times, 14 class-action complaints were filed against Zoom Video Communications in the spring of 2020 over “Zoombombing”. Reuters reported that the subscribers in the proposed class action lawsuit would be eligible for 15% refunds on their core subscriptions or $25, whichever is larger, while others could receive up to $15. Engadget reported that lawyers intended to collect up to $21.25 million in legal costs.

In March of this year, Reuters reported that U.S. District Judge Lucy Koh in San Jose, California, dismissed several claims in the proposed class action including invasion of privacy, negligence, and violations of California’s consumer and anti-hacking laws. She allowed some contract-based claims to proceed.

Engadget reported that Judge Lucy Koh said Zoom Video Communications was largely protected against “Zoombombing” claims due to the Communications Decency Act’s Section 230. It is the part that safeguards platforms against liability for users’ actions.

It sounds to me like the lawyers might be the only ones to make money from this lawsuit. The people who are part of the class-action lawsuits are, at best, going to get a small amount of money. Zoom Video Communications, however, appears to have been allowed to avoid facing consequences other than having to throw money at the problem.

Zoom Expands to Smart Displays at Home

Zoom announced that they are rolling out support for Portal from Facebook, Amazon Echo Show, and Google Nest Hub Max. This will make interactive video meetings as easy as the touch of a button or the sound of your voice. Zoom also points out that this feature can be used to connect by video to family and friends.

I can see where this could be useful for people who have disabilities that make it difficult for them to use their hands. Being able to attend a Zoom meeting by using voice controls would make the experience more accessible. It could also be good for people who need help setting up Zoom on their computer or laptop, and who may find it difficult to log in when they need to.

There are many reasons not to trust Zoom. They have a history of security failures, including a problem that allowed Zoom to enable a user’s camera without the user’s permission. At the time, uninstalling Zoom did not fix the problem. In June of this year, Zoom decided to limit end-to-end encryption to paid users only – which they later opened up to free accounts after backlash.

The reality is that there are many people who are working from home and who are required to use Zoom for work meetings. One advantage of using Zoom on a smart display is the option to take Zoom off your computer or laptop. A Zoom Meetings user could log into one of the smart devices that are supported by Zoom, and integrate their calendar, status, and meeting settings.

Zoom will be rolling out to Portal from Facebook in select regions in September. It will roll out to Amazon Echo Show devices in the United States later this year, beginning with Echo Show 8. Zoom will roll out to Nest Hub Max later this year.

Zoom will add End-to-End Encryption to Free Accounts

As you may recall, earlier this month Zoom revealed that it would only enable end-to-end encryption on paid accounts. The free accounts were not going to get that protection. After public outcry (and, I suspect, loss of customers), Zoom now says it will add end-to-end encryption for all users starting in July of 2020.

Since releasing the draft design of Zoom’s end-to-end encryption (E2EE) on May 22, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather feedback on this feature. We have also explored technologies to enable us to offer E2EE to all tiers of users.

Zoom has released an updated E2EE design on GitHub.

In its blog post, Zoom states that the updated E2EE design “balances the legitimate right of all users to privacy and the safety of users on our platform.” In addition, Zoom says the new design will enable them to “maintain the ability to prevent and fight abuse” on their platform.

There is a bit of a “catch”, however. Free/Basic users will not automatically have the E2EE applied. In order to get it, these users must give Zoom a verifying phone number via a text message.

In other words, users have to give Zoom more information before they can get E2EE protections. I’m not sure how many people trust Zoom with their phone number, considering (as TechCrunch reported in April) Zoom routed some calls made in North America through China – along with encryption keys.

Zoom says the early beta of the E2EE feature will begin in July of 2020. Betas are known to be a bit wonky, as users discover “bugs” and other problems. I wouldn’t consider a beta of E2EE to offer much protection.

Hosts of Zoom calls will be able to toggle E2EE on or off on a per-meeting basis. Account administrators will also be able to enable and disable E2EE at the account and group level. To me, it sounds like people using a free Zoom account will be told they have E2EE protection (sometime after the beta ends). But, they won’t really have it if their employer can turn it off.

Zoom Limits End-To-End Encryption to Paid Users

Those of you who are using Zoom, on a free account, might want to stop doing that. According to The Next Web, Zoom calls made by people who have free accounts won’t be encrypted. The end-to-end encryption is only for paid users.

Bloomberg reported that Zoom’s sales “soared” in the three months that ended on April 30, 2020. This happened due to a wave of stay-at-home orders put in place to prevent the spread of COVID-19. Those who suddenly found themselves working from home, and students whose schools shifted to virtual learning, started using Zoom. Clearly, Zoom has the money to add end-to-end encryption for all users.

Choosing not to do that is strange, especially since children use Zoom to access education. Churches and groups that focus on therapy and/or addiction have also used Zoom for meetings.

We’ve all heard about “Zoom-bombing”, which got so bad that the U.S. Department of Justice warned that “Zoom-bombing” can result in fines or imprisonment. That is a problem, but I don’t see how cutting off free users from end-to-end encryption will solve it.

The Next Web reported a quote from Zoom CEO Eric Yuan. “Free users, for sure, we don’t want to give that [end-to-end encryption]. Because we want to work it together with the FBI and local law enforcement, in case some people use Zoom for bad purpose.”

Alex Stamos, whom The Next Web identified as a security consultant for Zoom, tweeted: “Zoom is dealing with some serious issues. When people disrupt meetings (sometimes with hate speech, CSAM, exposure to children and other illegal behaviors) that can be reported by the host. Zoom is working with law enforcement on the worst repeat offenders.”

From this, it sounds like Zoom believes that free users cause shenanigans. But, that paints all free users with the same brush, and that’s not acceptable. I think Zoom will lose customers over this decision. I don’t think parents of kids who use Zoom for school, people who attend church through Zoom, or those who access self-help meetings on Zoom, will feel comfortable having law enforcement monitoring their Zoom calls.

“Zoom-bombing” Could Result in Fines or Imprisonment

The world is adjusting to the “new normal” of working from home and attending online meetings. While this is happening, a nefarious group of people have decided to enter Zoom teleconferences so they can be abusive to the people who are attending them. The Department of Justice wants people to know that “Zoom-bombing” can result in fines or imprisonment.

The Department of Justice U.S. Attorney’s Office Eastern District of Michigan posted a release titled: “Federal, State, and Local Law Enforcement Warn Against Teleconferencing Hacking During Coronavirus Pandemic”.

The release points out that the FBI reported this week that there has been a rise in “Zoom-bombing”, or video hacking, across the United States. Hackers are disrupting conferences and online classrooms with pornographic and/or hate images and threatening language.

Michigan’s chief federal, state, and local law enforcement officials are joining together to warn that anyone who hacks into a teleconference can be charged with state or federal crimes. Charges may include – to name just a few – disrupting a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications. All of these charges are punishable by fines and imprisonment.

The Verge reported that the press release on the Department of Justice’s website under the US Attorney’s office for the state’s Eastern District is posted with support from the state attorney general and the FBI.

The press release includes a quote from Matthew Schneider, United States Attorney General for Eastern Michigan, “You think Zoom bombing is funny? Let’s see how funny it is after you get arrested. If you interfere with a teleconference or public meeting in Michigan, you could have federal, state, or local law enforcement knocking at your door.”

I understand that some people are getting bored while under “shelter at home” orders. That doesn’t give them the right to go online and harass people. I wonder when we will hear news about the first arrest of a “Zoom-bomber”?

Video Chat Creates Background Bonanza

With everyone staying at home to avoid Covid-19, video conferencing and chat has exploded over the past two weeks as families and friends look for new ways to stay in touch. Not everyone lives in a house out of Homes and Gardens or Wallpaper, so many of the chat apps have the ability to put a virtual background in the picture to disguise the clutter and detritus of daily life.

To further alleviate the boredom, this has led to an explosion of fun backgrounds from big name companies. Pixar has released a bunch of them on Twitter, including scenes from Toy Story, Up, Finding Nemo and one of my personal favourites, Cars. Here’s a selection – head on over to Pixar’s Twitter feed for more and to download the full-size images.

The backgrounds tend to work best with a green screen, which I admit, defeats the purpose of simply being able to cover up a messy view, but Zoom on the iPad does a surprisingly good job without any kind of special setup.

It doesn’t take much detective work to find plenty of others. From the bridge of the Enterprise to the Simpsons’ sofa, there’s something for everyone.

The virtual background feature is enabled via Zoom’s web portal, though the image is actually set from within the Zoom app itself, and there are full instructions here.

The feature is currently available on PCs, Mac, Linux and iOS. Sorry Android folks.


Zoom Apologizes for Security Failures

Zoom, the company that makes the software that so many people are using now that they have to work from home, posted A Message to Our Users. In it, Zoom Founder and CEO, Eric S. Yuan, apologizes for security failures and provides details about the things they are doing to fix the problems.

Zoom starts by pointing out that usage of Zoom “ballooned overnight”. This includes over 90,000 schools across 20 countries that have taken Zoom up on their offer to help children continue their education remotely. According to Zoom, at the end of December 2019, the maximum number of daily meeting participants, both free and paid, conducted on Zoom was approximately 10 million. In March of 2020, they reached more than 200 million daily meeting participants, both free and paid.

For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus. We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it.

Here is a quick look at what Zoom has done to fix things:

  •  Offering training sessions and tutorials, as well as interactive daily webinars to users. The goal is to help familiarize users with Zoom.
  •  On March 20, Zoom posted a blog post to help users address incidents of harassment (or so-called “Zoombombing”) on the platform by clarifying the protective features that can help prevent this.
  •  On March 27, Zoom took action to remove the Facebook SDK in their iOS client and have reconfigured it to prevent it from collecting unnecessary device information from Zoom users.
  •  On March 29, Zoom updated their Privacy Policy to be more clear and transparent about what data they collect and how it is used.
  •  On April 1, Zoom permanently removed the attendee attention tracker feature. They also permanently removed the LinkedIn Sales Navigator app after identifying unnecessary data disclosure by the feature.

These changes are a very good thing for Zoom to be doing. After unexpectedly gaining so many new users, the last thing the company would want to have happen is for people to leave Zoom because of their concerns about its problematic handling of privacy. It seems to me that the apology offered by Zoom Founder and CEO, Eric S. Yuan, is genuine, because the company did take actions to improve Zoom for users.