BREAKING: Zoom settles with FTC, gets consent order prohibiting misrepresentations, agreeing to mandated information security program, 3rd party audits... Quick THREAD https://www.ftc.gov/system/files/documents/cases/1923167zoomacco2.pdf
2. Earlier this year researchers found serious problems with Zoom security & encryption. Including my colleague @billmarczak et al. at @citizenlab https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
3. Most troubling: @zoom_us had been telling customers their calls were protected with end-to-end encryption... the
@FTC took a look concluded...nope. Zoom was keeping the keys to encrypted calls.
@FTC took a look concluded...nope. Zoom was keeping the keys to encrypted calls.
4. @zoom_us was also telling users that recorded calls were immediately encrypted. Again, not true, @ftc says. Some were kept unencrypted for up to 2 months.
4. According to the @ftc @zoom_us also *secretly* installed a "ZoomOpener" app on @Apple Mac users' devices. The app bypassed security and would do other shady things, like secretly reinstalling zoom in some cases after users uninstalled it.
5. The @FTC order touches a host of areas.
(i) @zoom_us is forbidden from making a host of misrepresentations around security & privacy.
(i) @zoom_us is forbidden from making a host of misrepresentations around security & privacy.