With citizen lockdown now spanning half the globe, don’t forget about privacy during these times.
Most work environments are now private homes. Collaborating and staying in touch with colleagues has changed rapidly, so lets have a quick look at the main areas through a privacy lens:
As we replace normal face-to-face meetings with video conferencing platforms, Zoom has exploded due to it’s simple interface and scalability. However, there are historical and current issues to be aware of when considering using this service:
- Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
- Zoom needs to clean up its privacy act
- Zoom Calls Aren’t as Private as You May Think. Here’s What You Should Know.
- Zoom’s attention-tracking feature is ripe for misuse
- Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account
- Zoom meetings aren’t end-to-end encrypted, despite misleading marketing
- Windows flaw lets Zoom leak network credentials, runs code remotely
- Ex-NSA hacker finds new Zoom flaws to takeover Macs again, including webcam, mic, and root access
- Google has banned the Zoom app from all employee computers over ‘security vulnerabilities’
- Taiwan Bans Official Use of Zoom Over Cybersecurity Concerns
- Elon Musk’s SpaceX bans Zoom over privacy concerns – memo
- NYC forbids schools from using Zoom for remote learning due to privacy and security concerns
- ‘Not a safe platform’: India bans Zoom for government use
- Zoom’s Updated Terms of Service Permit Training AI on User Content Without Opt-Out
One option if you can’t get away from using the platform is to not download the app but log in via a ‘secure’ browser to a meeting using a something like Brave or Epic (just don’t have the app downloaded and click the link from the invite which takes you online).
Zoom though is not the only option out there. Other alternatives include:
- Jitsi (open source)
- Big Blue Button (open source – if you’re in NZ check out this post from the NZ Open Source Society Project for some more insights on this platform use plus a great chat option also – hat tip Dave Lane)
If you can use a browser based video conference option (along with a proxy-based privacy-centric browser) then the only thing to allow is access to camera and microphone, which can be turned off again in the browser settings once the call has finished.
To replace the casual opportunities for quick chats and interactions the office offers, think about setting up a group channel utilising chat functionality to stay in touch.
Something like Slack is very popular for this as might already being used in a corporate setting, but again this has privacy considerations [Are Your Remote Work Apps Spying on You?]. Some folks also utilise WhatsApp although this is owned by Facebook who have a history of capturing and then commodify data for external use like influencing elections etc.
Explore something like Signal or Telegram which have end-to-end encryption. Also, both have desktop versions so your phone can be kept for personal use and you’ll only be ‘at work’ when on your computer.
PERSONAL vs WORK
You might be using personal technology devices for the first time for work such as laptops and / or phones plus other tablets.
For laptops / home computers / tablets, set up a separate user account so that all work activities plus programmes / apps are set up there. For phones there’s also an iOS and Android option (hat tip Mike Riversdale)
This will aid the psychological perspective of ‘going to work’ in the morning when you log on to these accounts.
If you’re adding any apps to your personal phone during this time ensure you’re not giving access to all your contacts and access fully to your phone.
Also, if you have any smart speakers running Alexa or Google Assistant, consider that they also now are privy to your calls and any verbal interactions you have. For some professions unplug the devices completely as they could become a potential security risk for information leakage.
Truly appreciate there are bigger things going on for many at this time plus many will be mandated by ‘HQ’ on preferred systems / platforms / apps (which again why setting up alternative user accounts and separating personal devices from work is important).
Remember to read the privacy and data policies of any websites, platforms and technology being utilised and make informed choices from that basis.
Very much open to other alternatives explored above so add them in the comments below and will check them out plus add to the blog post.