Pandemic Diary 2: Use a Password!

Much of life in the coronavirus lockdown moved to online video conferences about three weeks ago, a fact which is reflected in the NASDAQ share price of one company, Zoom Video Communications, Inc: on March 13, it was $107.47 per share and on March 23 the price was $159.56 per share. (It has since dropped to $121.93 as of today, largely for reasons discussed below.)

There have been video conference web sites, platforms, and applications available for many years, but Zoom is free for a “Basic” plan, simple to navigate on a smartphone or laptop, handled the increase in traffic with ease (“a 535% rise in daily traffic to the Zoom.us download page, according to an analysis from web analytics firm SimilarWeb”), can handle groups in the dozens if not hundreds, and is quite easy to use. College classes have used Zoom as virtual classrooms for years, so when college campuses closed in the pandemic, all unfinished courses moved to finish the semester on the virtual platform.

Zoom allows yoga instructors to continue to conduct sessions, therapists to meet clients, recovery groups to hold as many meetings as they may want to, corporate boards to meet, the quarantined British prime minister to run cabinet meetings, journalists to conduct “in-person” interviews, quarantined families to continue to be families. And it is a free service for the “Basic” package, which allows for forty-minute meetings.

Zoom also promises end-to-end encryption for secure conferences. That last part is not a lie, but it uses the phrase end-to-end in a way that does not mean what the average user of the service might think it means.

True “end-to-end” encryption requires that the devices logged into a conference be the only devices which have a code to access the meeting. However, with true security can come annoying things like lack of performance: one feature that Zoom offers is the capability to toggle among speakers. One can share documents and even desktops live in the moment on each participant’s screen. Hosts can even see which participants have started to do other things on their device, a useful tool for college instructors and employers. For any of these things to take place smoothly and almost instantly, the service provider needs access to the conference to optimize the performance. According to The Intercept, “This type of optimization is much easier if the service provider can see everything because it’s unencrypted.”

A Zoom spokesman wrote to The Intercept, “‘When we use the phrase “End to End” in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point.'” You and I as participants in a two-person Zoom chat are not the two ends, but we may be excused if we thought that we were, because in most descriptions of end-to-end encryption, we would be. Zoom means two points within Zoom are the two ends.

It isn’t a lie, but it also is not completely secure. The belief that the system is secure led to many meeting rooms to be built without passwords, because when one creates a meeting with an open invitation (a painting class, say, or a recovery group or a library book club session), one may not want to bother with an unmemorizable password to accompany an unmemorizable web address. (Zoom’s room numbers are nine to eleven digits randomly assembled.)

Zoom meetings have become one of the most public targets for spyware, pranks (“Zoombombing”), even malicious hacking, in which access to one’s passwords on other websites can be found. Malice has never needed much to encourage its existence, so a global emergency is more than enough to spur creativity for bad ends.

Because so many Zoom meetings have been set up without passwords, and because each meeting “room number” is merely nine to eleven digits, a simple automated discovery tool was able to find over one hundred active meetings per hour—and this was last year, before the boom in Zoom usage. The only way to keep a Zoom meeting from this sort of detection is the use of a password. Even corporate board Zoom meetings have been conducted absent a password.

Zoom has announced that it will devote its research and development for the next ninety days toward its security needs. The company has also published guidelines for improved security for its users: the most important detail is that all new meetings will require a password.

Zoom has traveled from a company that most people did not use or even know about to a tool relied on by two hundred million users per day in a matter of weeks. From that rapid introduction and embrace has come a rapid debunking; the headline in an article in The Guardian about Zoom published on April 2 reads, “‘Zoom is malware’: why experts worry about the video conferencing platform.” Such a headline makes it sound like Zoom is tech’s version of coronavirus itself. It is not. Zoom’s users simply need to become more savvy while they embrace its user-friendly qualities.

Always use a password. Never do not use a password. Openness within that limitation can always be fully embraced.

____________________________________________
The WordPress Daily Prompt for April 2, asks us to reflect on the word, “Open.”

Follow The Gad About Town on Facebook! Subscribe today for daily facts (well, trivia) about literature and history, plus links to other writers on Facebook.

Follow The Gad About Town on Instagram!

Creative Commons License
This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

5 comments

  1. susiesopinions · April 2

    Our Zumba class is on Zoom. I had never heard of it, before going online to do the class.

    Liked by 1 person

  2. My little corner · April 2

    I’m in Zoom meetings for a number of things. No one’s using a password. Hmmm.

    Liked by 1 person

    • Mark Aldrich · April 2

      I think older accounts are grandfathered in, but that will need to change, too.

      Like

  3. Lani · April 3

    Thanks for the tip! Changing my settings now.

    Liked by 1 person

  4. Pingback: Pandemic Diary 17: So Near, yet so Far | The Gad About Town

Please comment here. Thank you, Mark.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.