The most-used application during the coronavirus lockdown is being used for racist, pornographic and violent attacks on video calls. And the “Company Directory” function risks exposing users’ private profiles.
Zoom, the most popular video conferencing app of the moment, is in the eye of the storm because of security problems and hordes of trolls who enjoy offending the participants of public video sessions. The success of this application (+5,500% downloads in Italy) is bringing out a series of unexpected critical issues. Last week Motherboard found that the iPhone version shared user data with Facebook for advertising purposes, without specifying the type of information and without asking for users’ consent. Zoom's developers apologized and updated the application, but yesterday there was confirmation of another “flaw”.
Address books of strangers
A Dutch user yesterday demonstrated to Vice how it is possible to access the personal information (names, e-mails, photos, etc.) of thousands of subscribers to the platform simply by taking advantage of the “Company Directory” function. This function automatically adds to a user's Zoom address book other people registered with an email address belonging to the same domain. It is meant to make it easier to find colleagues, but many users found themselves in groups of strangers who could have started a video conference.
The problem did not occur with Gmail or other large mail services, but with those run by small providers. “If you sign up for Zoom with a non-standard provider (i.e. not Gmail or Hotmail or Yahoo), then you get information about all users registered with that provider: their full names, their email addresses, their profile picture (if they have one) and their status. And you can call them on video,” Barend Gehrels explained to the outlet. It should be underlined, however, that for the call to start, the user must accept the invitation from the stranger, along the lines of what happens with WhatsApp or Telegram messages.
Confirmation of this anomaly comes from Zoom's own help center, which states: “By default, the Zoom contact index, in the Company Directory section, contains users belonging to the same organization, who have the same account or whose email uses your own domain (except public ones like gmail.com, yahoo.com, hotmail.com, etc). Professional or higher level account owners/administrators can disable this setting in IM Settings.”
Several Dutch providers have admitted that they are aware of the matter, but have not received any complaints. “Zoom maintains a blacklist of domains and proactively identifies those to be added regularly,” a company spokesman told Motherboard. “As for the specific domains that were highlighted in the note, these have been blacklisted.” In short, the responsibility would seem to lie with the operators; Zoom recommends reporting such domains.
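The default rule quoted from the help center, and the effect of a shared-provider domain missing from the exclusion list, can be reproduced in a few lines. This is an added Python example, not Zoom's code and not part of the original article; the sample addresses, the account ids and the `min_accounts` audit heuristic are assumptions made for illustration.

```python
from collections import defaultdict

# Public domains named in the help-center text quoted above.
EXCLUDED = {"gmail.com", "yahoo.com", "hotmail.com"}

# Constructed sample sign-ups: (email, account id). All values are invented.
USERS = [
    ("anna@acme.example", "acct-1"),
    ("bob@acme.example", "acct-1"),
    ("carol@smallisp.example", "acct-2"),
    ("dirk@smallisp.example", "acct-3"),
    ("eva@smallisp.example", "acct-4"),
    ("fred@gmail.com", "acct-5"),
    ("gina@gmail.com", "acct-6"),
]

def domain_of(email):
    return email.rsplit("@", 1)[1].lower()

def directory_for(email, users, excluded):
    """Contacts auto-listed for `email`: same account, or same non-excluded domain."""
    accounts = dict(users)
    dom, acct = domain_of(email), accounts[email]
    return sorted(
        other for other, other_acct in users
        if other != email and (
            other_acct == acct
            or (domain_of(other) == dom and dom not in excluded)
        )
    )

def shared_provider_candidates(users, excluded, min_accounts=3):
    """Assumed audit heuristic: non-excluded domains whose users are spread
    over many unrelated accounts look like a mail provider, not one company."""
    accounts_per_domain = defaultdict(set)
    for email, acct in users:
        accounts_per_domain[domain_of(email)].add(acct)
    return sorted(
        dom for dom, accts in accounts_per_domain.items()
        if dom not in excluded and len(accts) >= min_accounts
    )

if __name__ == "__main__":
    print(directory_for("carol@smallisp.example", USERS, EXCLUDED))
    flagged = shared_provider_candidates(USERS, EXCLUDED)
    print(flagged)
    print(directory_for("carol@smallisp.example", USERS, EXCLUDED | set(flagged)))
```

Once the flagged domain is added to the exclusion list, the small-provider user no longer sees strangers, while colleagues on the same account still see each other.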
Trolls are in quarantine like everyone else and have found in the Zoom app a new frontier for their offensive raids, dubbed “Zoom-bombing”. More and more accounts confirm incursions into public video calls held by student groups, conferences, meetings and religious gatherings. And the goal is always the same: to cause bewilderment, insult and disturb by sharing videos with pornographic content and violent photos.
The Mexican restaurant chain Chipotle was forced to close a public chat on Zoom on Tuesday, to which the singer Lauv had been invited, after one participant started broadcasting pornographic content to hundreds of users. The venture capitalist Hunter Walk and the journalist Casey Newton were forced to do the same a few days ago during their weekly “work from home happy hour” appointment. Last Friday the reporters Kara Swisher and Jessica Lessin abruptly ended the video session of their Zoom event dedicated to women in the technology sector after a participant started broadcasting a video with images of extreme fetishism.
The troll raids
Joan Donovan, a researcher at the Shorenstein Center of the Harvard Kennedy School, said that Zoombombing is becoming a kind of game. Some students started sharing the links to their school video conference sessions on Discord, the VoIP platform dedicated to the world of video games.
The underlying issue is that Zoom, by default, allows all participants in a session to share their screen without permission. At that point, having the link to an event is enough to get in and cause confusion. There are now actual groups on Facebook and chats on Discord where links are exchanged to organize raids.
Racism and pornography
Another striking case is that of Dennis Johnson, who was subjected to a racist attack during his final dissertation to obtain his doctorate from California State University. “I’m black, a first-generation graduate from Chicago’s Southside, who has worked diligently to get to March 26,” he explained. “As I finished the historical analysis section on the oppression of blacks within the American education system, I noticed a red dot on my computer. For a brief second I thought someone else was sharing his screen at the same time as mine, but then other red marks appeared. Soon more marks were made to create the shape of a penis […] a few seconds later, the letters ‘negro’ were written on the screen followed by pictures and videos of pornography.”
Johnson explained that he had collected other accounts of racist incursions carried out through zoombombing, but Zoom’s representatives do not seem to have taken adequate countermeasures. Hence the decision to launch an online petition to convince the company to take action: over 27 thousand signatures have already been collected out of a goal of 30 thousand.
The BBC reported that a London synagogue suffered an anti-Semitic attack during a prayer session on Zoom. 205 people, including families with children, were insulted by dozens of abusive participants. The police are investigating, while Zoom has expressed regret for what happened and advised users to adjust the application's settings to avoid other attacks.
“We are deeply shocked to hear about the incidents involving this type of attack. For those hosting large public group meetings, we strongly advise managers to change their settings so that only they can share their own screen,” said a spokesman for Zoom. “For those hosting private meetings, password protections are turned on by default and we recommend that users keep these protections to prevent uninvited users from attending.” A suggestion that must have been taken up by the specialists who yesterday organized the first cabinet meeting on Zoom for Prime Minister Boris Johnson, who is forced to quarantine at 10 Downing Street. Password protection in fact averted the worst, since the photo of the session, shared on social networks, showed the meeting's numerical identification code. Anyone could have taken advantage of that number to log in.
Zoom Video Communications was probably caught off guard by this sudden success, not least because it was founded in 2011 to serve business users, certainly not consumers. This probably explains its reluctance to try to moderate user behavior the way the most common social networks do. “With such a broad adoption, misuse and misuse will come, so Zoom should prepare to handle reports and complaints,” Jules Polonetsky, CEO of the Future of Privacy Forum, told the Times.