Zoom and security

April 2, 2020

You might have read articles online or in your newspaper about the security of the Zoom application we are using for our online lessons.

 

We have looked into the various issues which are being highlighted and have concluded that there is no reason for Kickstart School to stop using Zoom but we will put some additional safeguards in place.

 

Below a short summary of the highlighted issues and our conclusions and actions:

  • Full end-to-end encryption of video calls is important for highly confidential meetings. We feel that the transport encryption which Zoom is using is more than sufficient for our lessons which we do not consider to be highly confidential. The transport encryption ensures that no one who intercepts the communication can see or hear your lessons. In theory only Zoom employees could break into the system.
  • The sharing of email addresses is only applicable to users who are using a similar email domain which is interpreted by Zoom to be linked to a common employer. We do not see this as a significant risk.
  • Zoom was using a widely used Facebook software development kit in its iPhone app. Through this software it was sharing fairly harmless Zoom usage data with Facebook. Zoom has recently removed the Facebook software from its iPhone app.  In one of the articles on the Zoom security issue a software safety expert stated that "people sacrifice far more privacy using services like Facebook, Whatsapp, Gmail and Google search than by using Zoom".
  • To counter the risk of Zoombombing (unwanted visitors joining Zoom meetings showing extremist text or inappropriate messages) we will add password-protection to our Zoom lessons. We will inform all teachers and students of the meeting password ahead of the classes.
  • The last risk is associated with the chat functionality. Someone with malicious intent could post a clickable link in the chat window which could for instance expose passwords, For this to happen someone first needs to join a Zoom meeting, then post a link in the chat window. If no one clicks on the link nothing happens. It is important that all teachers monitor the attendees of their class and any links posted by unknown attendees. The new password protection of our lessons will also help to avoid this scenario.

We will continue to monitor developments and keep you posted. 

We hope this addresses all your security concerns - please feel free to contact us with any further questions!