For all the hype around how virtual and augmented reality will soon allow us to conduct remote meetings via hologram, it seems fair to say that the more humble video conference call offers a lot of room for improvement.
Even the wildly popular conferencing service Zoom recently ran into some trouble. As documented by the security researcher Jonathan Leitschuh in a recent Medium post, Zoom had an alarming security flaw on Macs that allowed a potential attacker to launch a denial of service attack, as well as hijack your webcam and turn it on, granting them a direct feed of your life.
“This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission,” Leitschuh writes.
The issue revolves around a web server that Zoom installs on your computer, which is meant to allow their easy “one click and you’re in” meeting links to start the meeting. Safari would usually ask your permission for your camera to be activated, but Zoom decided that this prompt was too much of a hassle, according to a statement from the company, and installed a local web server on your Mac in order to bypass it.
Zoom said in the statement that bypass features like these were common, and has since patched the denial of service flaw. It also says it prepared a patch for the webcam issue by Tuesday night. If you’re a Zoom user, make sure your app has the latest update, change your video settings to block auto-joining, and make sure your camera doesn’t automatically turn on when you join a meeting.
For other privacy-minded consumers, here are some encrypted and open-source video conference services that have strong privacy safeguards.
Jami is a communications platform that is end-to-end encrypted and explicitly focused on privacy. Developed by the Canadian company Savoir-faire Linux, it offers conference calling, file sharing, and messaging, among other features. The platform is also decentralized, meaning it doesn’t use centralized servers to retain personal data, so mass surveillance or a hack cannot succeed simply by targeting and breaching one central repository.
Jami also stores your private keys for encryption and identity solely on the device that runs it, meaning Jami cannot access your information. Positioning itself as a private replacement for Skype, Jami is also free and open source.
Wickr is best known as an encrypted messaging app, but they have a suite of enterprise features that can work for a business or team. Encrypted video conference calling functions across all of their versions, and the source code for this feature is available on GitHub for anyone to audit. When you add Wickr Me users to private channels in the app (which could be external vendors, or others) they can join end-to-end encrypted group video calls, share screens, and receive large files, all securely.
Wickr Enterprise, which goes beyond the base Wickr products but costs more, also offers a host of privacy-oriented features. These include detecting if someone takes a screenshot of a communication, an open-access smart VPN, and user-defined “burn on reading” settings. Additional features can be reviewed here.
Wire is an application for video and voice calls from Wire Swiss GmbH. Wire offers users end-to-end encrypted video conferences, the software is free, and the app is open source, which lets users audit the app’s code if they so choose. This lets them check for security vulnerabilities, as well as any other programs the app might be running. You don’t have to take the company’s word for it; you can check yourself.
You can make conference calls or video calls with up to ten people, and the app also includes collaboration tools. Some of these include group chats with up to 128 people, secure file sharing, screen sharing in meetings, and even the ability to have messages auto-delete after a certain period of time. They also offer full workflow functionality, and could potentially replace your Slack, which has some privacy issues of its own.
Signal: Signal is an incredibly secure messaging and video calling app, but unfortunately doesn’t make the cut as you can’t video chat with more than one person at once. For one-on-one meetings, though, it’s a good choice.
Jitsi: Jitsi is an open source video conferencing platform, but doesn’t feature end-to-end encryption. Communications are encrypted on a server, before being re-encrypted and sent back out. You can set up a local server on your computer, so only you can see decrypted messages, but this means the people you’re calling with have to trust you.
With other tools like Slack lacking end-to-end encryption, Zoom’s webcam bypass, and the general increasing importance of data security, these tools can help you and your team avoid breaches.