Stanford should be cautious when using Zoom

Opinion by Helena Zhang
April 22, 2020, 8:05 p.m.

In response to the pandemic, schools around the country and globe are now using Zoom to facilitate remote education. As the meeting platform becomes a staple of pandemic life we forget about its shadow. After all, Zoom is the lifeline that enables us to go to class, attend meetings, celebrate birthdays and keep in touch with family and friends.

However, behind Zoom’s soaring popularity and ease of use is a failure to protect our privacy and safety.

After my math class last Friday, the urgency behind newspaper headlines such as “A Flaw in Teleconferencing App Zoom Could Have Let Hackers Access Your Webcam,” “Singapore stops Zoom for online education as hackers strike” and “Zoom Is Easy. That’s Why It’s Dangerous” became alarming.

In an eerie and low voice, somebody interrupted the lecture and spoke sentences we couldn’t make out. At first, we were simply confused. As time went by, the confusion turned into unease and classmates began commenting “that was scary” in the chat box. To me, the scariest part of all is that many of us had our videos turned on, letting other screens peer into our bedrooms and living rooms. And I know this is a hypothetical, but what if a Zoom bomber was able to see into our homes and record us?

Moreover, the surge of reports of Zoom video meetings being crashed by uninvited participants and bombarded with inappropriate material — hate speech, harassment or shocking imagery — suggests that it’s only a matter of time before our classes are raided. Simply put, the frictionless features behind Zoom’s soaring popularity make the open and free platform too dangerous. Joining a call is as simple as clicking a link. The curse however, is that we find ourselves in vulnerable situations as message boards such as Reddit provide forums where people gather to share codes and organize harassment campaigns. The New York Times has revealed that “links to public Zooms are traded in Facebook Groups and Discord chats, and are easily discoverable on Twitter and public event pages.”

Besides the lack of privacy features leading to the weaponization of Zoom, there are many more questionable security practices that have been recently brought to light. Researchers have found that, despite marketing promises, Zoom has not encrypted users’ communications with end-to-end encryption — a system that prevents third parties from accessing private communications. On the other hand, journalists have publicized that the company’s iPhone app has leaked data to Facebook while also displaying data from people’s LinkedIn profiles without their knowledge or permission. And just a day ago, an article titled “Zoom’s Security Woes Were No Secret to Business Partners Like Dropbox” disclosed the security vulnerabilities in Zoom’s software that were discovered from hackers who were privately paid by Dropbox. In tandem to reports on how attackers are selling Zoom users’ passwords and security flaws that could allow access into users’ computers, these hired hackers have reported bugs that allow attackers to observe calls, take over users’ actions on the app and run malicious code or install malware on Mac computers with Zoom’s software. 

The security concerns that have been raised have been reacted to accordingly by New York City’s school district, Google, Elon Musk’s SpaceX and Singapore. These companies, school boards and governments have all banned the use of Zoom.

Stanford needs to take the lead of NYC schools and stop using Zoom before hypotheticals become a reality. We cannot wait until hackers hijack our classes and show obscene images, or yell profanities, before we do something. There’s too much uncertainty over our security and privacy. And there’s too much behind Zoom we don’t know.

After the FBI warned that Zoom is susceptible to the digital hijacking of classrooms, the New York City Department of Education advised teachers to use Microsoft Team instead of Zoom. I believe that taking steps away from Zoom is an appropriate response. Making Zoom meetings private and adding a waiting room function is not enough of a solution. I say this because we must seriously consider the rumors of hackers hijacking Mac webcams, the sharing of user data and leaking of Zoom recordings, forcing people into calls without their knowledge and Zoom-bombing. 

CEO Eric Yuan admits, “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.” And in dialogue to the rumors and concerns over Zoom’s security practices being unable “to adapt to the recent and sudden surge in both the volume and sensitivity of data,” Mr. Yuan has apologized and admitted that Zoom has “fallen short of the community’s — and our own — privacy and security expectations.” From the bottom of my heart, I believe that these security mishaps are not purposeful. I also have nothing but respect for the company’s response to the public’s concerns. He writes, “Zoom is freezing all feature development for 90 days to divert all its engineering resources to focus on our biggest trust, safety, and privacy issues.” 

However, for the time being, the abundance of security mishaps makes us vulnerable to hackers. Instead of playing Whack-a-mole to fix every mishap, perhaps we should resort to other video conferencing platforms as Zoom strengthens their security measures. For instance, an alternative to Zoom can be Microsoft Teams, the platform that schools in New York City are being directed to. Microsoft Teams is a highly secure solution that meets many security compliance regulations and supports data encryption and two-factor authentication, which provides an extra layer of security. And for smaller classrooms, given that students have Apple devices, teachers can use FaceTime, which uses end-to-end encryption. 

Meanwhile, we can take some steps to protect ourselves. Professors can turn on Zoom security settings such as adding a meeting password or a waiting room to prevent unwanted guests from joining the meeting. Moreover, the screen-sharing option can be enabled to “host only” to prevent the Zoom-bombing of obscene images. And as for students of Zoomford, we can use Zoom’s virtual background feature to hide the backdrop of our homes. 

The same way we ensure our campus is a safe place, we must take action to make Zoom University as safe as possible — even if that means leaving Zoom behind.

An earlier version of this article erroneously suggested that the author’s experience in her mathematics class was a confirmed Zoom-bombing. The Daily regrets this error.

Contact Helena Zhang at [email protected]

The Daily is committed to publishing a diversity of op-eds and letters to the editor. We’d love to hear your thoughts. Email letters to the editor to [email protected] and op-ed submissions to [email protected]

Follow The Daily on Facebook, Twitter and Instagram.

Login or create an account