This Zoom thing is a good time to discuss "threat models". Is Zoom "secure"? Well, that depends upon your threat model. In other words, secure against what, precisely?
Two threat model questions are:
- will it allow hackers to break into your computer/accounts?
- will it allow hackers to eavesdrop on current/previous sessions?
While Zoom can work within a browser, it strong-arms people into installing an app. This is problematic, as browser apps are relatively safe, but installing apps, especially on desktops, is incredibly unsafe. It gives hackers ways of hacking your desktop computer.
In contrast to Zoom is Discord, a very similar app that targets gamers instead of corporate users. It, too, encourages people to install the app on the desktop, but makes it easy to use as a browser app.
Now, you can run Zoom solely within a browser; it's just very hard. I've done it, but I haven't documented the steps. When it detects you've got Windows or Mac, it really makes it difficult to use the browser -- it's possible, just not through the normal means.
Thus the answer to this portion of the threat model isn't "don't use Zoom because app dangers" but "figure out how to use it solely within Chrome". Like most threats, the answer is not "don't do it", but "mitigate it".
Now let's talk about eavesdropping. Is Zoom safe enough for remote school classrooms? Absolutely. Is it safe enough for standard business meetings? Probably.

Is it safe enough for important business secrets, national secrets, and cybersex? Probably not.
There's a good reason why it's not safe enough for cybersex or national secrets: it has to work with the plain old telephone system that is designed to allow for eavesdropping. Most every Zoom conference I've been on has included people who dial in.
Thus, this security flaw is less a problem with the app than a problem of the requirements users have, demanding that it allow people to dial in.
If you want secure cybersex sessions that people aren't going to be able to eavesdrop on or record, use FaceTime or Signal. That's what these apps are designed for.
And yes, it's a Boomer problem. Corporations are full of old executives and sales people who can't use modern apps and who prefer to use plain old telephone calling. Young people seem to prefer to use apps to make phone calls anyway.
I don't include "Terms and Conditions" or "Privacy Policy" in my threat model. As far as I can tell, they are fiction, using a lot of words to say simply "we can do whatever we want but you can't do the thing you want".
That's what "end-to-end encryption" means. ToS doesn't stop them from eavesdropping on your calls/sessions, but end-to-end encryption does. No ToS ever created prevents eavesdropping.
So use end-to-end encryption if you don't want the service provider eavesdropping; otherwise assume that they'll sometimes be eavesdropping, regardless of what the ToS says. Zoom doesn't have end-to-end encryption; Signal does.
By that last tweet I mean to demonstrate the principle "I don't know your threat model". I can't either recommend Zoom or recommend you avoid Zoom, because I don't know your threat model. This is probably the greatest lesson of "threat models", that there isn't one for everyone.
Keep Current with Robᵉʳᵗ Graham😷
