With 1.5 billion people currently self-isolating, many have turned to videochat solutions like Zoom. But is it safe and secure? Not so much. Turns out that any nosy dude in Zoom’s server closet can monitor (audio and video) your chat. It’s about as private as sending a postcard. (Read more at… https://theintercept.com/2020/03/31/zoom-meeting-encryption/?utm_source=roundup.) Want secure? Read on for a better solution.
I (Doug) remember (way back) when I was a little guy (age 5 maybe?), my mother and father had opted not to have a phone at all. Apparently, my little town in rural Indiana still had a “two-party line” system — meaning that each phone in the area was linked together with *another* phone in the area. One family could “listen in” on the other family’s calls, much like one extension on a land-line phone can listen in on another extension in the same house. So, knowing the risk that another family might listen in on their calls, my parents opted out of the whole problem. Honestly, I’m not sure how helpful that was. The whole time, growing up, I couldn’t call them if I was stuck at school. And I had to stay after school so often that, by the time I entered 9th-grade, they actually broke down and bought a phone, JUST at the time when the county finally gave each house a private line option. Yay. : )
The moral of the story? Just because Zoom isn’t completely private, I’m not so sure it’s that helpful to trash the whole product. Just realize, “your neighbor might be listening in.” Catch yourself before you give away *any* trade secrets. That’s your only option. Unless it’s not.
If you’ve made up your mind that you can do without Zoom’s cool breakout rooms and ease of use, there are at least two workable options. The first is Wire Pro. Wire Pro actually *is* secure, end to end (user to user, not just user up to the server). https://wire.com/en/products/pro-secure-team-collaboration/ There are very few features to lose. Wire Pro can only do video with up to 4 users at once. But hey… think about it… aren’t many of your meetings with 4 people anyway? Besides. Do you *really* need to *see* 20 people on your screen at once? If you can put up with only 4 simultaneous video (10 simultaneous audio), then using Wire Pro might be an option. And Wire Pro doesn’t have those cool breakout rooms that Zoom has. Just like with Zoom, all it takes is *one* paid Wire Pro user, then she or he can invite up to 9 external guests for a totally-encrypted audio call (3 guests for a totally-encrypted video call). You’ll spend $5/month if you want to be the paid user. There are apps. Both the Windows and Mac apps include screen sharing.
And when it comes to security, Wire Pro is head and shoulders above Zoom. For Zoom’s part, after articles (like the Intercept piece above) surfaced, pointing to the fact that Zoom was using the phrase, “end-to-end encryption” in a false and misleading way, Zoom changed the pop-up message users see when they mouse over the “padlock” in the upper left of their screen. Until a week ago, it would say, “end to end encrypted.” Now it just says, “client-encrypted.” Why? Because they had to admit that they were lying. By contrast, Wire Pro *is* end-to-end (user to user) and what’s more, they’ve even gone so far as to publish their code… so coders can *see* that it’s not sending data to some foreign government.
The other option, besides Wire Pro, is Jitsi. https://jitsi.org/ Jitsi is pure open source. For this reason, it’s basically free. In fact, you don’t even need an account. Just go over to https://jitsi.org/jitsi-meet/ and open a meeting. Try it. The downside? Some people would observe that it’s just a bit … clunkier. But not much. It’s still pretty cool. You can probably achieve good video calls with 10, 15, maybe 20 or even 30 users. Above that, things will bog down. But — it’s free! And it’s true end-to-end encryption. And if you have an I.T. guy and you want *true* ownership of your data, they even give away *server* copies — so you can install it on your own server in your own data center, all for free! (And by the way, hats off to Greg, our I.T. guy, for bugging me about Zoom until he could get it through my thick skull.)
So what’s the solution? If you want 100 users for free (though beit with a 40-minute limit), stick with Zoom. It’s easy. It’s fairly pretty. And — just pretend you’re communicating on postcards. You’re getting what you paid for. Most of all, you get Zoom’s breakout rooms — if those matter to you.
If you want privacy (like my mother and father), use Wire Pro or Jitsi – and live with the limits. Wire Pro has a guest room – but that’s something different. Again, if you want breakout rooms, just use Zoom – and say nothing that you wouldn’t write on a postcard.
So what will you choose? Do you want breakout rooms? Stick with Zoom and send postcards. Then jump to Wire Pro or Jitsi when you truly need privacy. Will that work for you? (Click comment to tell us what you think.)
There are rumors out there floating around that someone was pulled into a police station and shown their zoom meetings and attendees… Any truth to this?
What country/region are you talking about, Tom?
Zoom is taking a lot of heat. Most of which is not truly warranted. Some of the problems revolve around users’ lack of understanding of personal responsibility for security and just jumping on the service and starting to play. The service has measures in place to add security to a call, like enabling a waiting room where the host most admit an attendee and requiring a password to enter a meeting. All of these measures were in place even before the Virus outbreak. I’ve been using it for several years without incident. If you’re really concerned about full encryption, buy a licensed account.
Hi Tom. Not aware of that – but I guess it’s possible.
Jim, thanks for your calming words. But….. with the *deepest* respect (and it’s taken me literally months to understand this), the important thing to understand about Zoom is *not* whether or not you buy a licensed account. It’s that their *architecture* (licensed or not) doesn’t permit encryption from one user to another when the users are talking to a group of 3 or more people. Period. End of story. So you see, there’s really nothing calming about your words, in the end. The *only* possible way that workers can possibly use Zoom if they’re working in a sensitive land is commit *never* to share anything sensitive — period. It’s an open book inside Zoom’s servers. There is *no* encryption across accounts inside their company wall. (Let’s see… how else can I say this.) The message is encrypted from my keyboard to Zoom. And from Zoom to your keyboard. But *any* salaried worker for Zoom with access to the server can see your video and your messages at any time. Period.
And if any Zoom employee can see it, what’s to stop a bad guy from (conceivably) buying him out. Or a government from demanding to see their files. Nothing. So in a word, Zoom is *not*.
encrypted.
I was at a Microsoft conference last spring and discussed it with the Skypeleader, yeah not even discussed because everyone hates it now. We talked all about security and giving information to governments. He said the only viable option they knew of was to create a ms account in Germany and is Skype. Everett other option was viable for interception and court requests.
What about Microsoft Teams?
Maybe it depends on the settings? See, for example, https://www.varonis.com/blog/microsoft-teams/ .