As many around the world resort to remote working conditions due to the ongoing COVID-19 pandemic, the spotlight is certainly focused on video call applications available today. Most of us have heard about Zoom‘s notorious problems with privacy and security, but what about the other alternatives?
Mozilla has just published a guide that takes a look at some of the more popular apps—specifically, the security and privacy features of each platform. The guide bases its assessment of each app based on its Minimum Security Standards: encryption, security updates, strong password requirements, vulnerability management, and privacy policies. Apps that meet all 5 criteria are certified as meeting Minimum Security Standards.
Of the 15 apps in total that are discussed in the guide, only three platforms didn’t make the cut for Mozilla: Houseparty, Discord, and Doxy.me. However, the guide has recently been updated after Discord updated its requirements for strong passwords, which means that only two apps do not meet Mozilla’s minimum standards now.
Are Houseparty and Doxy.me unsafe?
Houseparty, the platform developed by Epic Games (Fortnite creators), isn’t really a simple, standalone video conferencing app. Instead, the idea is for friends to “hang out” within the app; there are built-in games and Snapchat integration on the platform.
The issue here stems from the lack of a strong password requirement. On the app, all that is required is a minimum of 5 characters—this means that even passwords like “12345” are accepted. However, the app uses encryption, receives regular security updates, manages vulnerabilities, and has a privacy policy that you can view here.
Doxy.me, on the other hand, received the lowest score of all 15 apps reviewed. Again, there is no strong password requirement, and Doxy.me does not have a a bug bounty program, although there are other mechanisms in place for users to report vulnerabilities.
The biggest issue, according to Mozilla, has to do with Doxy.me’s simple, web browser-based platform. The program is used by medical personnel to provide medical advice remotely, and does not require an app. This means the platform fails on the “security updates” requirement—instead, Mozilla advises users to keep their browsers up to date if/when using Doxy.me.
What about Zoom?
To be utterly frank with you, I expected Zoom to fall within the group of apps that don’t meet the required standards. However—and despite the bad press the company has drawn—Mozilla says that the platfrom meets all five of its security standards.
Despite the prevalence of something called Zoombombing, where strangers hijack video conferences to broadcast inappropriate content, Mozilla appears to suggest that any past mistakes are being rectified.
“To Zoom’s credit, they have acknowledged their mistakes and seem to be working hard to fix them.”
It’s also worth noting that while encryption is present in all of the apps discussed, there are different types or levels of encryption. The type of encryption that most users really want in their messaging apps is end-to-end encryption—the kind present in apps like WhatsApp. Additionally, all of the apps support a feature that alerts participants if a video call is being recorded.
In general, competition is definitely heating up in the video conferencing space. Mozilla says that that can only be a good thing for users, which certainly makes sense. The case study of Zoom is a perfect example of how accountability should work here; the notoriety of the the platform’s problems resulted in a quick response from the company, with founder Eric Yuan even apologising for “missteps” in an interview on CNN.
And with remote working conditions expected to continue for now, it’s worth thinking about the security and privacy aspect of video calls—especially for professional purposes.
To read the full guide in detail, click here.
[ SOURCE ]