Zoom app on the data protection pillory
Carola Felchner is a freelance writer in the medical department and a certified training and nutrition advisor. She worked for various specialist magazines and online portals before becoming a freelance journalist in 2015. Before starting her internship, she studied translation and interpreting in Kempten and Munich.
More about the experts All content is checked by medical journalists.Whether it's a job meeting, customer service or "meeting" friends - this is often done at the moment using the Zoom video conference app. It is easy to use, but not entirely unproblematic in terms of data protection.
The video conference app Zoom is the big climber in the coronavirus crisis: within a few weeks, the number of users soared from 10 to 200 million per day. And just as quickly, the company from San Francisco ended up in the data protection pillory. Hardly a day went by without new security vulnerabilities or dubious privacy decisions being made public.
The fact that Zoom stole the show from other video conferencing providers, but also from the chat services from Apple, Google and Microsoft - after all owners of the industry pioneer Skype - could be due to its simple use, among other things. You usually only need to click a link and you are there. But the long-standing priority for ease of use laid the foundation for massive problems that came to light when Zoom was no longer only used in a protected corporate environment, but by the broad masses.
Uninvited guests
The "zoom bombing", in which strangers break into video conferences, quickly caused the most visible annoyance. This is easy if you know the dial-in link or the conference ID - and the organizer has not set up a waiting room with manual entry or a password. "Zoombombing" may sound like harmless pranks, but it wasn't: Church services and school hours in the USA were interrupted with racist ranting or showing Nazi symbols. Photos of drinking people were shown at virtual Alcoholics Anonymous meetings.
Safety? Sloppy
However, "zoom-bombing" should not remain the service's only problem. Experts took a deeper look at the security precautions of Zoom and discovered some hair-raising shortcomings.
"When it comes to security, Zoom is sloppy at best and malicious at worst," criticizes cryptography expert Bruce Schneier. "The encryption on Zoom is terrible." Researchers at the Citizen Lab at the University of Toronto found that Zoom uses an encryption method that is considered inadequate. The company also had to retract claims that the data was protected with end-to-end encryption.
Among the various other problems were the unsolicited disclosure of data to Facebook, the random grouping of users with the same email service, the redirection of some conferences via servers in China and the ability to guess web addresses, some of which were recorded by Zoom- Conferences are saved. Company boss Yuan announced that in the next three months, instead of introducing new functions, he wanted to plug the weaknesses.
Alternatives to zoom
Those who do not want to use zoom are not left without an alternative. German data protectionists rely on open source programs such as BlueBigButton, which, in addition to the open license, can also be operated on its own server or with service providers such as Lern.Link in Germany. The data protection officers of the federal states have no concerns about the open Jitsi Meet solution either; professional users can commission service providers such as the Austrian provider Fairmeeting, which promises to operate on the basis of the European General Data Protection Regulation. (caf / dpa)
.jpg)
