If, like an overwhelming number of people right now, you're having to use Zoom while working remotely, you should know that the app is a privacy nightmare -- which makes the company pretty evil to be doing invasions and overreach (nonconsensual data grabs) during a horrible pandemic. For example, last year EPIC made an official complaint to the FTC about Zoom's egregious privacy invasions. The problems with this company are not new. ... just read what [Proton Mail wrote about Zoom's privacy and security dumpster fire].
Zoom's privacy page states: "Whether you have Zoom account or not, we may collect Personal Data from or about you when you use or otherwise interact with our Products." This includes, but is not limited to, your physical address, phone number, your job title, credit and debit card information, your Facebook account, your IP address, your OS and device details, and more."
Further, the app allows your boss to spy on you far beyond what's okay in an office setting. From EFF: [...] "Admins have the ability to join any call at any time on their organization's instance of Zoom, without in-the-moment consent or warning for the attendees of the call."
Zoom iOS App Sends Data to Facebook Even if You Don't Have a Facebook Account:
"That's shocking. There is nothing in the privacy policy that addresses that," Pat Walshe, an activist from Privacy Matters who has analyzed Zoom's privacy policy.
The Zoom app notifies Facebook when the user opens the app, details on the user's device such as the model, the time zone and city they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user's device which companies can use to target a user with advertisements.
Update: Oh, it's even worse:
Zoom Meetings Aren't End-To-End Encrypted, Despite Misleading Marketing:
The meeting is secured with end-to-end encryption, at least according to Zoom's website, its security white paper, and the user interface within the app. But despite this misleading marketing, the service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood. Instead it offers what is usually called transport encryption. [...]Without end-to-end encryption, Zoom has the technical ability to spy on private video meetings and could be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests. While other companies like Google, Facebook, and Microsoft publish transparency reports that describe exactly how many government requests for user data they receive from which countries and how many of those they comply with, Zoom does not publish a transparency report.
Update 2: Schneier has a roundup, where he says, among other things, "using ECB (electronic codebook) mode indicates that there is no one at the company who knows anything about cryptography."
Previously, previously, previously, previously, previously, previously, previously.
Dear Lazyweb, do any free HTTP proxies exist any more? I mean $HTTP_PROXY, not a VPN.
