Zoom

Zoom (Zoom Video Communications, Inc.) is a telecommunications company that offers its users the ability to meet for free (with optional subscription) online through their video conferencing platform. With the free version of Zoom, hosts can hold meetings up to 40 minutes long with up to 100 participants. And, if users are interested in holding longer meetings with more participants, they can purchase a subscription for about $15-20 a month.^[1] When a host starts a meeting, they are able to send an online invitation with a link to the meeting to whoever they would like to attend. As Zoom usage increases, especially during the COVID-19 pandemic, conversations have been brought up about the ethical implications of Zoom in reference to furthering the Digital Divide, Zoom-bombing and a hidden web server vulnerability.

Zoom Features

Chat

Zoom allows users to send messages throughout the duration of the meeting. Users can send messages to individual participants or to everyone in the meeting.

Screen Share

Participants in the meeting have the opportunity to share their screen. This means that everyone else in the meeting can see what is on the person’s screen and follow along with whatever it is the person is doing/showing in real time. Participants, if granted permission, also have the ability to take control of the person who is sharing’s computer controls. This means they can control their mouse and keyboard, allowing them to directly interact with the person’s screen remotely from their own machine.

Record

Zoom meetings can be recorded and saved for viewing at a later time. Recordings can be started and stopped at any point and all participants have to agree to be recorded (if they don’t, they have the option to leave the meeting).

Polling

Hosts can launch single choice or multiple choice polls for their participants during meetings. Hosts can see the results and display them to the rest of the attendees during the meeting in addition to obtaining a report of the responses at the end of the meeting.

Reactions

Meeting participants have the option to display different reactions during the course of a meeting by clicking different emojis, including clapping, thumbs up, heart, laughing face, open mouth face and confetti. Participants can also alert the host to speed up or slow down or say “yes” or “no” to the host by hitting each button respectively. And, finally, participants can notify others that they may wish to speak by clicking the “raise hand” button.

Breakout Rooms

The host of the meeting can split the participants into breakout rooms. Each breakout room is essentially its own Zoom meeting and the host can close the breakout rooms and bring everyone back to the main call whenever. Participants can decide when they would like to leave the breakout room to return to the main call as well. When making the breakout rooms, the host can randomize the participants or put specific people in specific rooms. In addition, the host has the opportunity to give participants the chance to choose their own rooms by manually placing themselves into a room.

Waiting Room

Before the start of a meeting, a virtual “waiting room” is enabled for participants. In this room, participants can’t see other participants and are waiting to be admitted to the main room where the meeting actually takes place. The host has the ability to admit people into the main room one by one or all at once whenever they wish.

History of Zoom

Zoom was founded by Eric Yuan in 2011 and launched in January 2013. By May 2013, Zoom had one million participants.^[1] Since then, the platform has grown and expanded its offerings to provide greater meeting capacity and duration. In January 2017, Zoom became a "Unicorn" after achieving a valuation of $1 billion.^[1] In March 2019, Zoom went public at $36 per share. On the first day of trading, Zoom's stock price increased by over 72%.^[1]

During the 2020 COVID-19 pandemic, Zoom’s popularity rose greatly. Due to social distancing guidelines and lockdown orders, traditional in-person gatherings and activities were required to move online. This shift greatly benefited Zoom, which went from 10 million active users in late 2019 to 300 million active users by April 2020.^[4]

Privacy Policy

According to its official privacy statement, Zoom is committed to protecting the privacy of its users. Zoom serves as a data controller as they determine what data to collect and why. For example, users provide Zoom with their date of birth, full name, and email address when they register. This information is used for several purposes, including displaying user information such as their full name, in meetings.^[5]

When a user logs into a Zoom account, Zoom will ask them to accept its use of cookies. Zoom utilizes cookies to enhance the functionality of its site. Zoom also uses advertising cookies which are used by advertising companies to serve ads related to specific user interests.^[6]

In March 2020, there were concerns by users and privacy experts about Zoom potentially collecting information from users’ meetings. According to Zoom's privacy policy, Zoom is able to use personal information for targeting ads on or off the platform, or for other business purposes.^[7] As a result, Zoom updated its privacy policy to clarify details on data privacy. In a company blog post, Zoom’s Chief Operating Officer, Aparna Bawa, clarified that Zoom does not sell users’ data and it does not monitor meetings. In addition, the post clarified that no data regarding user activity on the Zoom platform- including video, audio, and chat content- is ever provided to third parties for advertising purposes.^[8]

Ethical Implications

Furthering the Digital Divide in Education

The “digital divide” refers to the unequal access that different groups of people have to technology and the Internet.^[9] One area impacted by the "digital divide" is online education. The quality of online education is heavily dependent on a student's internet connection.^[10] Students lacking reliable internet connections are disadvantaged due to their inability to access and participate in their online classes. This gives an advantage to the students who have reliable, high-speed Internet as they will have better access to class materials and teachers. In addition, online education through Zoom is reliant on physical technology such computers, laptops, and tablets. Many families are unable to provide their school-age children with dedicated devices, and must instead share their devices among multiple family members. Students in such families often face difficulties logging onto their classes or submitting their schoolwork on time due to other family members denying them access to the limited supply of technological devices. According to the Corporation for Public Broadcasting, children from high-income households are twice as likely to have computer access than children from low-income households.^[11] This "digital divide" places students living in low-income households at a disadvantage due to lack of devices and reliable Internet access.

Zoom-bombing

With the rise of Zoom has also come the rise of “Zoom-bombing.” Zoom-bombing is when uninvited people join Zoom meetings for the sole purpose to disrupt and harass participants.^[12] One example is when a virtual Holocaust memorial event was “bombed” by people showing photos of Adolf Hitler and yelling anti-Semetic phrases.^[13] This has led to the discussion of privacy and security concerns with Zoom. With people using Zoom for everything from company meetings, to class, to family reunions, all types of personal and confidential information is being shared over Zoom. So, if people are able to enter any call they want, such as in a Zoom-bombing attack, these people will have access to the information that is being shared on the call.

macOS Hidden Web Server Vulnerability

In July 2019, a major security vulnerability was discovered in Zoom’s macOS application by security researcher, Jonathan Leitschuh. The vulnerability allowed any website, including those not owned by Zoom, to launch a video-enabled Zoom call on a user’s computer without that user’s permission. As soon as a user visited a compromised website, their webcam would be turned on and they would enter an unwanted Zoom call, broadcasting their face and surroundings to potentially malicious actors.^[14]

This vulnerability also uncovered a more significant security flaw. One of Zoom’s notable features is the ability for hosts to share links that will automatically launch the desktop Zoom app of attendees once clicked. The method by which Zoom’s engineers implemented this feature on macOS was discovered by Leitschuh to involve a hidden web server. Whenever a user clicked on a Zoom call’s share link, this hidden web server would be pinged and would then launch the Zoom desktop application.^[15]

This hidden web server would initially be downloaded alongside the Zoom desktop app, but would stay installed even after a user deleted their Zoom app. Furthermore, this web server could be used to automatically reinstall Zoom without the user’s permission or knowledge. In conjunction with the compromised website flaw, this would allow a malicious actor to secretly hijack the webcams of unsuspecting victims as long as they had installed the Zoom desktop application in the past. Even those users who already deleted their Zoom app were at risk due to the vulnerabilities.^[17]

Leitschuh initially gave Zoom’s security team a 90 day headstart to fix the flaws. However, due to Zoom’s lack of action regarding the vulnerabilities, Leitschuh wrote a public blog post in order to draw attention towards the issue.^[18] Due to mounting public pressure, Zoom quickly released a new version of their desktop app with the vulnerabilities fixed. As an additional precaution, Apple Inc., the creators of macOS, pushed an emergency security patch to all macOS computers worldwide to remove the vulnerabilities.^[19]

References

1. ↑ ^{1.0 1.1 1.2 1.3} Chawla, Ajay, Coronavirus (COVID-19) – ‘Zoom’ Application Boon or Bane (May 20, 2020).
2. ↑ Vincent, James. “Zoom’s latest accessibility features let you pin and spotlight multiple videos during calls” The Verge, September 2020, https://www.theverge.com/2020/9/23/21452400/zoom-accessibility-features-pin-spotlight-multiple-videos-during-call.
3. ↑ Zaveri Paayal, Gould Skye. “These charts show how use of Microsoft Teams, Slack, and Zoom has skyrocketed thanks to the remote work boom” Business Insider, May 2020, https://www.businessinsider.com/microsoft-teams-slack-zoom-usage-charts-increased-remote-work-pandemic-2020-4.
4. ↑ Wiederhold, Brenda K. “Connecting Through Technology During the Coronavirus Disease 2019 Pandemic: Avoiding ‘Zoom Fatigue.’” Cyberpsychology, Behavior, and Social Networking, vol. 23, no. 7, 2020, pp. 437–438., doi:10.1089/cyber.2020.29188.bkw.
5. ↑ https://zoom.us/privacy?zcid=1231#_Toc44414835
6. ↑ https://ethics.berkeley.edu/privacy-considerations-when-using-zoom
7. ↑ https://www.consumerreports.org/privacy/zoom-tightens-privacy-policy-says-no-user-videos-analyzed-for-ads/
8. ↑ https://blog.zoom.us/zoom-privacy-policy/
9. ↑ Gorski, Paul. “Education Equity and the Digital Divide.” Association for the Advancement of Computing in Education, vol. 13, no. 1, Jan. 2005.
10. ↑ Oliveira Dias, Dr. Murillo, et al. “Will Virtual Replace Classroom Teaching? Lessons from Virtual Classes via Zoom in the Times of COVID-19.” Journal of Advances in Education and Philosophy, vol. 04, no. 05, 2020, pp. 208–213., doi:10.36348/jaep.2020.v04i05.004.
11. ↑ Gorski, Paul. “Education Equity and the Digital Divide.” Association for the Advancement of Computing in Education, vol. 13, no. 1, Jan. 2005.
12. ↑ Ling, Chen, et al. “A First Look at Zoombombing.” ArXiv.org, 8 Sept. 2020, arxiv.org/abs/2009.03822.
13. ↑ Aiken, Adam. “Zooming in on Privacy Concerns: Video App Zoom Is Surging in Popularity. In Our Rush to Stay Connected, We Need to Make Security Checks and Not Reveal More than We Think.” Index on Censorship, vol. 49, no. 2, July 2020, pp. 24–27, doi:10.1177/0306422020935792.
14. ↑ Bohn, Dieter. “Serious Zoom security flaw could let websites hijack Mac cameras” The Verge, July 2019, https://www.theverge.com/2019/7/8/20687014/zoom-security-flaw-video-conference-websites-hijack-mac-cameras.
15. ↑ Leitschuh, Jonathan. “Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!” InfoSec Write-ups, July 2019, https://infosecwriteups.com/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5.
16. ↑ Slivka, Eric. “Zoom Updates Mac App Installer to Remove Controversial 'Preflight' Installation Method” MacRumors, April 2020, https://www.macrumors.com/2020/04/02/zoom-removed-preflight-installer/.
17. ↑ Goodin, Dan. “Zoom for Mac made it too easy for hackers to access webcams. Here’s what to do” Ars Technica, July 2019, https://arstechnica.com/information-technology/2019/07/zoom-makes-it-too-easy-for-hackers-to-access-webcams-heres-what-to-do/.
18. ↑ Leitschuh, Jonathan. “Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!” InfoSec Write-ups, July 2019, https://infosecwriteups.com/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5.
19. ↑ Whittaker, Zack. “Apple has pushed a silent Mac update to remove hidden Zoom web server” TechCrunch, July 2019, https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/.