author photo
By Clare O’Gara
Wed | Apr 29, 2020 | 6:15 AM PDT

If you're a student or remote employee amid COVID-19, chances are you're relying heavily on meetings apps like Zoom for just about everything.

First, as a fellow student, I sympathize.

Second, the mass proliferation of these platforms is posing some concerning questions about security and privacy.

From concerns about foreign governments listening to corporate video calls to the rise in "Zoom bombers" crashing meetings and classes, how secure are these remote meeting apps, really?

Thanks to Mozilla, now we know.

Which remote meeting apps are the most secure?

Known for its private and secure web browser, Mozilla knows how to keep users safe.

So it decided to put these apps to the test.

"More and more people now rely on video call apps to stay connected during the coronavirus pandemic. We reviewed the privacy and security of some of the most popular apps to help you make smart decisions on what to use to work remotely, chat with friends and family, and connect with your doctor."

Mozilla examined 15 virtual meeting platforms: Zoom, Google (Duo, Hangouts, Meet), FaceTime, Skype, Facebook Messenger, WhatsApp, Houseparty, Discord, Jitsi Meet, Signal, Microsoft Teams, BlueJeans, GoToMeeting, Webex, and Doxy.me.

And it used these five key standards to compare apps:

1. Encryption
2. Security updates
3. Strong passwords
4. Vulnerability management
5. Privacy practices

An app has to satisfy all five minimum standards for Mozilla to consider it secure. And what did Mozilla find about these apps?

If you're forced to use these platforms during the pandemic, you're mostly in luck: 12 out of the 15 apps analyzed meet all five minimum benchmarks.

That's the good news.

Which video call apps fall short on cybersecurity?

But what about the apps that don't measure up?

Houseparty, Discord, and Doxy.me fail to meet the minimum security standards used in Mozilla's evaluations of the video call apps.

Mozilla explains where each of these video call apps falls short:

Houseparty: "We're afraid a lot could go wrong with Houseparty. Houseparty doesn't meet our Minimum Security Standards because we were able to use a weak password of 12345 to access the app. It also has a very pretty, easy to read privacy policy where it lays out how it collects and shares a whole lot of personal information on its users. Also, there are few protections to stop people from crashing your party. If you don't lock your party, people you don't know can join."

Discord: "Discord doesn't meet our Minimum Security Standards because it doesn't require a strong password to protect your account. Our researcher was able to login with the password '111111.' Beyond that, Discord also collects a lot of data on its users and shares it with third parties. Likely the biggest problem with Discord is its history of toxic communities, harassment, and predators."

Doxy.me: "We're afraid a number of things could go wrong. Doxy.me doesn't require a strong password when health care professionals set up an account. And two-factor authentication is not an option, so accounts could easily be hacked. That means a bad person could pretend to be your doctor. Also, there is no requirement to prove you are the actual patient who is supposed to join the call, meaning doctors or therapists who don't have a previously established relationship with a patient might not know if the person who joins their virtual appointment is really who they say they are."

During times like these, we can't forget to protect our physical and digital health. Choosing the right virtual meeting platforms can help you, your school, or your organization accomplish that goal.

Are Zoom and virtual meeting apps costing us our privacy?

And what about the privacy of all these video meeting platforms? Some say it is the end of privacy.

But in a recent SecureWorld podcast interview, cyber attorney Michael Simon of XPAN Law Group told us it is actually just the opposite:

"This is not the death knell for privacy. I see people write up that privacy's done, it's over with. I've got friends in the government who would tell me, 'Oh, it's all over.' No, it's not. This is the opposite. We're going to have to take and build privacy and cybersecurity far more into the things that we do, because now we're all using primarily these mechanisms. You know, we're being all digital. And that has to be built in."

If you are interested in this topic, you will really enjoy the podcast episode about Zoom, privacy, cybersecurity, and remote work.

Listen here or on your favorite podcast app.

Comments