SURVEY – The American application has grown in a few weeks from 10 to 200 million daily users. A hyper growth with worrying consequences: data transmitted to Facebook without consent, calls that go to China in error and major flaws.
Zoom should have known that a great power implied great responsibilities. The videoconferencing application is growing wildly while half the planet is confined during the coronavirus epidemic. It rose from 10 million users at the start of the year to more than 200 million daily. App Annie notes that in France, between March 22 and March 28, the application was downloaded 39 times more than a year ago. The platform allows free calls to up to 100 people simultaneously, for 40 minutes, free of charge. A paid subscription gives access to more features.
Founded in 2011 by engineer Eric Yuan in San Jose, California, Zoom has had great success. The company went public in April 2019. At the start of January, the Zoom share was worth $ 70. On March 23, it more than doubled to $ 160, valuing the company $ 40 billion. The rush for the stock was such that the listing of a Chinese company with a close name, Zoom Technologies, listed in New York, was suspended on March 26 after having jumped by more than 700% … investors mistaken clearly corporate.
Zoom Technologies (ticker ZOOM) is NOT the similarly-named popular video communications company. Today the SEC suspended trading in the securities of Zoom Technologies. https://t.co/40zAjWHmY2
– SEC New York (@NewYork_SEC) March 26, 2020
However, scandals affecting the application are increasing according to press inquiries. The American site Motherboard revealed that Zoom was transferring data to Facebook without users’ consent until the end of March on the iOS application. So the social network, which has also increased the breaches of respect for personal data, could until recently, without your consent, have access to information such as the time at which you open the application, your type smartphone, the city from where you are calling or your operator. Useful data to build your advertising profile in order to be able to sell targeted ads.
Unencrypted communications passing through China
This morning I chaired the first ever digital Cabinet.
– Boris Johnson #StayHomeSaveLives (@BorisJohnson) March 31, 2020
“Frankly, Zoom is getting worse and worse, notes Jean-Francois Faye, CEO of the cybersecurity consulting company Nystek. Every day, we learn new flaws or new breaches of the GDPR for Europe or Privacy Shield in the US It’s been three years that the company has been pinned regularly for security concerns, it’s been possible to listen to people, take pictures, and activate the cameras. “I clearly advise against its use.”
Especially since researchers from Citizen Lab, the University of Toronto, have discovered that certain American calls pass, for example, sometimes through China … even though the actual encryption of Zoom communications is very light. So the communications that went through the servers in China are not encrypted “end to end” while the company promised this. When you know that the Chinese security services can have access under certain conditions to the data stored in the country … it is only one step to imagine the worst.
The low level of encryption means that certain conversations, for example those held on Zoom by the British government of Boris Johnson, do not have a high level of security. “I really screwed up,” recognized the boss and founder of Zoom bluntly in the Wall street journal this week-end. End-to-end encryption will not be available on the application for several months.
FBI warns of risks
Practices that risk awakening the privacy police on both sides of the Atlantic. Zoom confirmed to us that he was already in discussions with the offices of attorneys general in New York, California and other states. 27 attorneys general at the last count out of 50 American states took up the case. In France, according to Suzanne Vergnolle, doctoral student in law at Paris-II-Pantheon-Assas University and specialist in the protection of personal data and privacy, the company would not comply with the General Data Protection Regulations ( GDPR) on the transparency and proportionality of the data collected. “It is very atypical what Zoom does, which has changed its confidentiality policy several times. It almost gives the impression that their lawyers are gradually discovering the practices of their company. Their policy has thus changed the 31 December, February 23, March 18 and most recently, March 29. Four changes in less than three months is a bit unusual. ”
The company could be sentenced, depending on the rights violated in Europe, to sanctions of up to 4% of its annual turnover. For now, the National Commission for Data Protection (Cnil) has not yet taken up the subject in France, even if it looks at the subject. Zoom indicates to date not to have been contacted by the French authority.
Finally, these controversies have pushed the FBI to alert the public to the risk of hacking conversations on Zoom because it is quite easy to land in a discussion created without a password. The practice even has a name, “Zoombombing”, where users share pornographic or hateful content in a discussion to which they are not invited. The founder of Tesla and Space X, Elon Musk, has also banned the use of Zoom in his business. New York City has ordered its schools, and its 1.1 million schoolchildren, to use a means of communication other than Zoom as quickly as possible. If you continue to use Zoom, keep in mind that these conversations may one day trick you.
Read alsoCoronavirus: cyber attacks explode due to the crisis