When the world turned remote, we heard article after article about Zoom's vulnerabilities and general policy concerns. The primary concern is that these issues haven't stopped months later.
Don't get me wrong. I understand that vulnerabilities happen and are not always ironed out in the development stage, but what Zoom has been doing is on another level of security ignorance.
First, we had "Zoom-bombing." And I guess we still have it.
In theory, this can happen on any video conferencing platform, but Zoom didn't expect it to happen on theirs, so they didn't, and still don't, have proper procedures to prevent it. Auto-lock, mandatory passwords, and a "waiting room" are ways that other companies have helped avoid this.
However, passwords don't fix everything:
Hackers could brute-force their way into any Zoom meeting. Zoom had nothing in place to block a computer from submitting millions of attempts to "guess" the meeting password, so a computer could guess the combination in minutes.
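An added example (not from the original post or from Zoom's code) of the missing control described above: a per-meeting limit on failed password attempts. The class name, the thresholds and the six-digit sample passwords are assumptions chosen for illustration.

```python
import hmac
from collections import defaultdict, deque

class MeetingJoinThrottle:
    """Limits failed password guesses per meeting, whichever client sends them."""

    def __init__(self, max_failures=5, window_s=60.0, lockout_s=300.0):
        self.max_failures = max_failures      # assumed thresholds, tune per deployment
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)   # meeting_id -> times of recent failures
        self._locked_until = {}               # meeting_id -> time the lockout ends

    def try_join(self, meeting_id, supplied, expected, now):
        """Return 'ok', 'wrong' or 'locked' for one attempt at time `now` (seconds)."""
        if now < self._locked_until.get(meeting_id, 0.0):
            return "locked"                   # password is not checked while locked
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            self._failures.pop(meeting_id, None)
            return "ok"
        recent = self._failures[meeting_id]
        recent.append(now)
        while recent and now - recent[0] > self.window_s:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[meeting_id] = now + self.lockout_s
            recent.clear()
        return "wrong"

def worst_case_hours(keyspace, throttle):
    """Hours to try every password when each batch of failures costs one lockout."""
    lockouts = keyspace // throttle.max_failures
    return lockouts * throttle.lockout_s / 3600.0

def simulate(throttle, meeting_id, expected, guesses, interval_s=0.001):
    """Feed constructed guesses at a fixed interval; return counts per outcome."""
    counts = {"ok": 0, "wrong": 0, "locked": 0}
    for i, guess in enumerate(guesses):
        counts[throttle.try_join(meeting_id, guess, expected, now=i * interval_s)] += 1
    return counts
```

Keying the limit on the meeting rather than the client means rotating source addresses does not reset the counter, at the cost that a flood of bad guesses can temporarily lock out legitimate participants; pairing it with a waiting room or per-invite tokens reduces that impact.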
Zoom sending traffic through China:
Multiple reports show that Zoom sends (or at least has sent) video and audio data through China. They can say that they are not doing this now, but the company has lied before, so they very well could be again.
Lying about encryption:
Zoom has been sued for false claims regarding their encryption. Zoom has claimed that their encryption came from their TLS certificate. That doesn't provide end-to-end encryption for their video meetings, just for access to their website. Additionally, with Zoom not understanding how encryption works, I wouldn't give them any credit for "fixing this". Zoom has proven to implement encryption in poor ways.
Zoom will sell and leak your data, and it installs like malware:
Zoom was installing a "secret web server" on your computer. They also developed their Zoom Meetings installer with the same tactics, so that it installs like malware.
Many companies have banned the use of Zoom. Zoom doesn't care about keeping the meeting secure. They have repeatedly lied about practices and tried to cover things up. I understand that the average person might not care about a meeting being encrypted for their family gathering. If you are one of these people, I beg you to think, would you like anyone dropping into your family gathering, recording whatever they want, or even taking over the family gathering to their liking?
I would hope the answer would be NO.
The synopsis is that we should be using tools that protect our privacy and tools that are built correctly.
I believe that to make Zoom trusted and used by all, it needs to be entirely redone by a company that cares about user privacy and goes through the situations to make sure the platform meets user expectations.
You can't fix Zoom quickly when its fundamental structure is broken.