The Mozilla Foundation's *Privacy Not Included guide grades Zoom, Facebook and other platforms on their privacy and security features and flaws
Almost as soon as the quarantine started, Zoom was flooded with new users. And almost as quickly, the popular video chat app was criticized for its privacy issues and susceptibility to troll attacks. Zoom isn’t the only video chat app that people have been flocking to in order to stay connected during this time of self-isolation, nor is it the only one with issues.
Of the 15 Mozilla evaluated, only three didn’t make the cut. Surprisingly, none of them are Zoom: Houseparty, Discord and Doxy.me. Houseparty and Discord are both popular with younger users and gamers, but they both lose marks for weak password requirements and worrying amounts of data collection. Discord has also been known for its alt-right and misogynistic troll problem. The most worrying of the three that don’t make the cut is Doxy.Me, which is a health-care platform that doesn’t require strong passwords or two-factor verification.
These apps that did pass the test: Zoom, Google Duo/HangoutsMeet, Apple FaceTime, Skype, Facebook Messenger, WhatsApp, Jitsi Meet, Signal, Microsoft Teams, BlueJeans, GoTo Meeting and Cisco WebEx.
Surprisingly, Zoom, the app that has garnered the most criticism, is on the list.
“Zoom has been criticized for privacy and security flaw,” writes Mozilla. “Because there are many other video call app options out there, Zoom acted quickly to address concerns. This isn’t something we necessarily see with companies like Facebook, which don’t have a true competitor.”
Mozilla found that all the apps notify users when they’re being recorded and all use some form of encryption, but that not all use end-to-end encryption – meaning only those who are part of the call can access the call’s content – which it calls “the holy grail” of encryption. And despite Mozilla’s own minimum security requirements, most of the apps have their own set of risks: Facebook’s collection and sharing of personal information, WhatsApp’s misinformation, etc. And Mozilla singles out the two open-source apps in the guide – Jitsi Meet and Signal –for their strong privacy protections.
Check out the whole guide here.
UPDATE (5/11): Mozilla has updated its guide and Discord now meets its MInimum Security Requirements.