Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Businesses Software

Thousands of Zoom Video Calls Left Exposed on Open Web (washingtonpost.com) 26

Thousands of personal Zoom videos have been left viewable on the open Web, highlighting the privacy risks to millions of Americans as they shift many of their personal interactions to video calls in an age of social distancing. From a report: Many of the videos appear to have been recorded through Zoom's software and saved onto separate online storage space without a password. But because Zoom names every video recording in an identical way, a simple online search can reveal a long stream of videos that anyone can download and watch. Zoom videos are not recorded by default, though call hosts can choose to save them to Zoom servers or their own computers. There's no indication that live-streamed videos or videos saved onto Zoom's servers are publicly visible. But many participants in Zoom calls may be surprised to find their faces, voices and personal information exposed because a call host can record a large group call without participants' consent.
This discussion has been archived. No new comments can be posted.

Thousands of Zoom Video Calls Left Exposed on Open Web

Comments Filter:
  • Zoom bad!

    No soup for you, NEXT!

    • How is this specific to Zoom? Any video conferencing service that allowed you to record the videos and save the file would be vulnerabie.

      But boy, someone out there sure is pissed that Zoom stock is rising. I'd be interested in a bit of investigative journalism into who is planting at least a couple of stories a day about how insecure Zoom is.

    • You kissing in my line No soup for you, NEXT!

  • Zoom Zoom do a Zoom do! Bet nobody remembers that. https://www.youtube.com/watch?... [youtube.com]
    • I agree. This is getting long in the tooth.

      Also, while Zoom show blatant disregard for its user's privacy, Google, Amazon, Microsoft, Facebook, CloudFront and countless other, far more dangerous companies are quietly but aggressively exploiting the shit out of people's most intimate personal information, and no-one peeps a word about it on this here board.

      I guess it's easier to have a go at a smaller target...

  • So stop with the fucking clickbait already.
    • The key difference here is that all of the recordings have a deterministic naming convention which makes it easy to search the web for them.

      But you are right that this has nothing to do with Zoom.

      • So do cameras. You like pictures from Panisonic cameras? Try a google image search for P1000001

        It works!

      • by spitzak ( 4019 )

        You better not try searching for files starting with DSC or DIMG then or you will lose your illusion.

  • A Message to Our Users [blog.zoom.us]

    However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.

    These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform. Dedicated journalists and secur

    • Zooms main customer base is fortune 1000 corporations.

      Fortune 1000 corporations don't record video conferences and then save them up on the internet.

      They either leave them hosted with Zoom, or they put them on their corporate Intranet, or their Enterprise Box or Dropbox accounts.

      As such, until now this non unique file names was a complete non issue because their customers were not stupid enough to do this.

      • Well, our department is using Zoom a lot - but I must admit that my trust in Zoom's security has taken a hit recently. Yes, it seems to be a popular target and not every news story regarding Zoom is valid - but there are concerning, detailed claims which can't just be hand-waved away. Here's one:

        https://citizenlab.ca/2020/04/... [citizenlab.ca]

  • Comment removed based on user account deletion
  • The calls themselves are no open, they are talking about RECORDINGS of the calls - which the person arranging the call has to make.

    Then from there, they are just open because the naming for them appears to be searchable in some way.

    Basically, if you don't do anything your Zoom call is not visible "on the open web".

  • We can't trun off save to FBI mode kids use this so need to scan for stuff that we can prosecute for.

  • by Grand Facade ( 35180 ) on Friday April 03, 2020 @04:35PM (#59905858)

    For Zoom.

    Someone should be prosecuted for this company's blatant disregard for privacy and security.

    The things this software has done are so outrageous, they have to be on purpose.

    No one could be that stupid, especially considering the multiple avenues of privacy violations.
    And fraudulent encryption claims.....

    • Well, in fairness Zoom gives people the option of saving locally rather than in the cloud. They also give people the option of whether the data will be password protected and private, or publicly available. So if people choose not to read, and leave themselves exposed, it is those people's fault really.
      • That is just one aspect, there have been daily discoveries.

        Selling info to facebook
        claiming end to end encryption
        there are many more

To be or not to be, that is the bottom line.

Working...