Thousands of Zoom Video Calls Left Exposed on Open Web (washingtonpost.com) 26
Thousands of personal Zoom videos have been left viewable on the open Web, highlighting the privacy risks to millions of Americans as they shift many of their personal interactions to video calls in an age of social distancing. From a report:
Many of the videos appear to have been recorded through Zoom's software and saved onto separate online storage space without a password. But because Zoom names every video recording in an identical way, a simple online search can reveal a long stream of videos that anyone can download and watch. Zoom videos are not recorded by default, though call hosts can choose to save them to Zoom servers or their own computers. There's no indication that live-streamed videos or videos saved onto Zoom's servers are publicly visible. But many participants in Zoom calls may be surprised to find their faces, voices and personal information exposed because a call host can record a large group call without participants' consent.
Alright, we get it already! (Score:2)
Zoom bad!
No soup for you, NEXT!
Re: (Score:2)
How is this specific to Zoom? Any video conferencing service that allowed you to record the videos and save the file would be vulnerabie.
But boy, someone out there sure is pissed that Zoom stock is rising. I'd be interested in a bit of investigative journalism into who is planting at least a couple of stories a day about how insecure Zoom is.
Re: (Score:2)
Indeed, all these stories about how bad Zoom is almost makes us forget about COVID-19! /sarcasm
Re: Alright, we get it already! (Score:2)
It's not specific to zoom at all. But posting these things about all the major web conference solutions won't help all the people shorting ZM stock make money... Which is what this campaign is actually all about.
They aren't (Score:2)
The interesting question from a technical perspective is how did it become "bad"
The very uninteresting answer is, it's not bad.
How could a codebase be bungled so badly that all of these exploits/leaks are happening?
The codebase is fine, the stories are full of misleading slander. Mom is no worse than any other video conferencing software with similar features.
Very telling you posted your "questions" as AC.
Re: (Score:2)
You kissing in my line No soup for you, NEXT!
0-2-1-3-4 (Score:2)
Re: (Score:2)
I agree. This is getting long in the tooth.
Also, while Zoom show blatant disregard for its user's privacy, Google, Amazon, Microsoft, Facebook, CloudFront and countless other, far more dangerous companies are quietly but aggressively exploiting the shit out of people's most intimate personal information, and no-one peeps a word about it on this here board.
I guess it's easier to have a go at a smaller target...
Re: 0-2-1-3-4 (Score:2)
Pleas explain how Zoom shows "blatent disregard for user privacy" - without referencing outdated and inaccurate information.
Also, Every Bloody Digital Camera or Phone (Score:2)
Re: (Score:2)
The key difference here is that all of the recordings have a deterministic naming convention which makes it easy to search the web for them.
But you are right that this has nothing to do with Zoom.
Re: (Score:2)
It works!
Re: (Score:2)
You better not try searching for files starting with DSC or DIMG then or you will lose your illusion.
Zoom Conceived With No Privacy In Mind? (Score:2)
A Message to Our Users [blog.zoom.us]
However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.
These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform. Dedicated journalists and secur
Re: Zoom Conceived With No Privacy In Mind? (Score:2)
Zooms main customer base is fortune 1000 corporations.
Fortune 1000 corporations don't record video conferences and then save them up on the internet.
They either leave them hosted with Zoom, or they put them on their corporate Intranet, or their Enterprise Box or Dropbox accounts.
As such, until now this non unique file names was a complete non issue because their customers were not stupid enough to do this.
Re: (Score:2)
Well, our department is using Zoom a lot - but I must admit that my trust in Zoom's security has taken a hit recently. Yes, it seems to be a popular target and not every news story regarding Zoom is valid - but there are concerning, detailed claims which can't just be hand-waved away. Here's one:
https://citizenlab.ca/2020/04/... [citizenlab.ca]
Re: (Score:2)
Misleading headline, as per norm with Zoom (Score:2)
The calls themselves are no open, they are talking about RECORDINGS of the calls - which the person arranging the call has to make.
Then from there, they are just open because the naming for them appears to be searchable in some way.
Basically, if you don't do anything your Zoom call is not visible "on the open web".
We can't trun off save to FBI mode kids use this (Score:2)
We can't trun off save to FBI mode kids use this so need to scan for stuff that we can prosecute for.
Amother nail in the coffin (Score:3)
For Zoom.
Someone should be prosecuted for this company's blatant disregard for privacy and security.
The things this software has done are so outrageous, they have to be on purpose.
No one could be that stupid, especially considering the multiple avenues of privacy violations.
And fraudulent encryption claims.....
Re: (Score:1)
Re: (Score:2)
That is just one aspect, there have been daily discoveries.
Selling info to facebook
claiming end to end encryption
there are many more