Sunday, October 17, 2021

Zoom to pay $85 million for lying about encryption and sending data to Facebook and Google

Technical preview of Zoom’s end-to-end encryption, available months after Zoom was caught lying to users about how it encrypts video calls.

Zoom agreed to pay $85 million to settle claims that it lied about offering end-to-end encryption and handed over user data to Facebook and Google without users’ consent. The settlement between Zoom and the class-action filers also covers the security concerns that led to rampant “Zoombombings.”

The proposed agreement would typically give Zoom users $15 or $25 each and was filed Saturday in the US District Court for the Northern District of California. It came nine months after Zoom agreed to security enhancements and a “ban on privacy and security misrepresentations” in a settlement with the Federal Trade Commission, but the FTC settlement did not include compensation for users.

As we wrote in November, the FTC said Zoom claimed that it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, in a January 2019 whitepaper, in an April 2017 blog post, and in direct responses to inquiries from clients and potential clients. In reality, “Zoom did not provide end-to-end encryption for any Zoom meetings that took place outside of Zoom’s ‘Connecter’ product (which is hosted on the customer’s own servers), because Zoom’s servers, including some located in China, hold the cryptographic keys that would allow Zoom to access the content of its clients’ Zoom meetings,” the FTC said. In real end-to-end encryption, only the users themselves have access to the keys necessary to decrypt the content.

The new class-action settlement applies to Zoom users nationwide, regardless of whether they used Zoom for free or paid for an account. If the court approves the settlement, “Class members who paid for an account will be eligible to receive 15 percent of the money they paid Zoom for their primary Zoom Meetings subscription during that time [March 30, 2016, to July 30, 2021] or $25, whichever is greater,” the agreement read. “Class members who are not eligible to submit a Paid Underwriting Claim may submit a claim for $15. These amounts may be adjusted, prorated, up or down, depending on the volume of claims, the amount of any award fees and expenses, payments of services to class representatives, taxes and expenses of taxes and expenses of administration of the agreement.”

Class attorneys would receive attorney fees of up to 25 percent of the $85 million and up to $200,000 for reimbursement of expenses. About a dozen named plaintiffs are seeking approval for payments of $5,000 each. A hearing on the plaintiffs’ motion for preliminary approval of the settlement is scheduled for October 21, 2021.

In addition to payments, Zoom “agreed to more than a dozen major changes to its practices designed to improve meeting security, strengthen privacy disclosures and safeguard consumer data,” according to the agreement.

With the pandemic boosting its video conferencing business, Zoom more than quadrupled its annual revenue from $622.7 million to $2.7 billion in the 12 months ended January 31, 2021. Zoom also reported $672 million in net revenue for the 12-month period, up from $25.3 million the prior year. Zoom is on track to perform better this year, as it reported first-quarter (February-April) revenue of $956.2 million and net income of $227.5 million.

Zoom cannot redefine end-to-end encryption

An amended class-action complaint filed in May 2021 said that despite Zoom’s bogus end-to-end (E2E) encryption promises, “the encryption keys for each meeting are generated by Zoom’s servers, not client devices.”

It continued:

The connection between the Zoom application running on a user’s computer or phone and the Zoom server is encrypted in the same way that the connection between a web browser and a website is encrypted. This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. In a Zoom meeting using this encryption technology, video and audio content will remain private from anyone spying on Wi-Fi, but will not remain private from the company or, presumably, from anyone with whom the company shares its access voluntarily, by obligation of law (e.g., at the request of law enforcement agencies), or involuntarily (e.g., a hacker who can infiltrate company systems). With true E2E encryption, the encryption keys are generated by the client devices and only meeting participants have the ability to decrypt it.
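The distinction the complaint draws, as an added example (not from the article, the complaint or Zoom's code): a hypothetical relay that either generates the meeting key itself or only forwards the clients' public key-exchange values. The `RelayServer` class, the toy cipher and the small Diffie-Hellman parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy parameters, an assumption of this example: finite-field Diffie-Hellman
# over the prime 2**255 - 19 with generator 2. Not for production use.
P, G = 2**255 - 19, 2


def _xor(key, nonce, data):
    pad = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, pad))


def seal(key, plaintext):
    """Toy encrypt-then-MAC (SHA-256 keystream + HMAC), not a vetted AEAD."""
    nonce = secrets.token_bytes(16)
    body = _xor(key, nonce, plaintext)
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None when the key does not fit the blob."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest())
    return _xor(key, nonce, body) if good else None


def _agree(peer_public, private):
    secret = pow(int.from_bytes(peer_public, "big"), private, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


class RelayServer:
    """Hypothetical meeting relay: forwards and records every message."""
    def __init__(self):
        self.issued_keys, self.seen = [], []

    def issue_meeting_key(self):
        self.issued_keys.append(secrets.token_bytes(32))  # made on the server
        return self.issued_keys[-1]

    def relay(self, data):
        self.seen.append(data)
        return data

    def try_read(self, blob):
        # Everything the operator holds: issued keys plus values it observed.
        keys = self.issued_keys + [hashlib.sha256(s).digest() for s in self.seen]
        return next((p for p in (unseal(k, blob) for k in keys) if p is not None), None)


def run_meeting(message, client_keyed):
    """Return (what the other participant reads, what the relay operator reads)."""
    server = RelayServer()
    if client_keyed:  # E2E model: private values never leave the devices
        a, b = (secrets.randbelow(P - 3) + 2 for _ in range(2))
        pub_a, pub_b = (server.relay(pow(G, x, P).to_bytes(32, "big")) for x in (a, b))
        send_key, recv_key = _agree(pub_b, a), _agree(pub_a, b)
    else:  # server-keyed model: the relay generates the meeting key
        send_key = recv_key = server.issue_meeting_key()
    blob = server.relay(seal(send_key, message))
    return unseal(recv_key, blob), server.try_read(blob)
```

With `client_keyed=False` both the participant and the relay recover the message; with `client_keyed=True` the relay's attempt returns `None`. The relay here only observes; real end-to-end designs also have participants verify each other's public keys so the relay cannot substitute its own.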

Zoom’s website stated that its service allows a host “[s]host a meeting with end-to-end encryption” and that “Zoom’s security solution and architecture provides end-to-end encryption and meeting access controls so data in transit cannot be intercepted,” according to the complaint. But Zoom is not entitled to its own definition of end-to-end encryption, the class-action lawsuit said. “The definition of end-to-end encryption is not subject to interpretation in the industry,” the lawsuit said. “Zoom’s misrepresentations are a stark contrast to other video conferencing services, such as Apple’s FaceTime, which have taken on the more challenging task of implementing true E2E encryption for a multi-party call.”

Zoom’s failure to provide end-to-end encryption was reported by The Intercept in March 2020. Zoom’s response to that article “made it clear that Zoom knew it was not using the industry-accepted definition of E2E encryption and had made a conscious decision to use the term ‘end-to-end’ anyway,” the lawsuit said.

The Zoom app used to include a text box that was revealed by “hovering over the green padlock in the upper left corner” and said, “Zoom is using an end-to-end encrypted connection,” the complaint noted, adding that “Zoom has since changed this text to simply say that the session is encrypted.”

In April 2020, Zoom apologized “for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption... Although we never intended to mislead any of our clients, we acknowledge that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”

In October 2020, Zoom announced the availability of a “technical preview” of its first real end-to-end encryption offering. Zoom’s website says the offering is still in the technical preview stage “and disables several other features,” so Zoom recommends it “only for meetings where additional protection is needed.”

Giving away user data and allowing Zoombombing

Zoom users relied on the company’s promises that “Zoom does not sell user data” and that “Zoom takes privacy seriously and adequately protects users’ personal information,” the lawsuit says. Class members did not understand that “Zoom would collect and share [their] personal information with third parties, including Facebook and Google” and “allow third parties, such as Facebook and Google, to access [their] personal information and combine it with content and information from other sources to create a unique identifier or profile of [each user] for advertising and behavioral influencing purposes,” it continued.

Because Zoom implemented the Facebook SDK, user data was sent by Zoom to Facebook “regardless of whether the user has created a Zoom or Facebook account, and worse, before the user has found Zoom’s terms and conditions or any privacy disclosure,” the lawsuit said. Although Zoom allegedly “removed the Facebook SDK, Zoom continues to share equally valuable user data with Google through Google’s Firebase Analytics SDK, also built into the Zoom app. The plaintiffs never granted third parties permission to extract and use that data. In fact, they weren’t even aware of the data transmission.” In addition to Facebook and Google, Zoom “sends personal data about its users to hotjar, Zendesk, AdRoll, Bing, and others.”

The lawsuit also said Zoom blamed users for a series of Zoombombings even though the problem was due to Zoom’s security deficiencies. Zoom could have limited meeting interruptions by unauthorized participants with “relatively simple technical fixes... for example, making it easy for hosts to cancel a meeting and/or eject a Zoombomber with the push of a button, default setting of screen sharing control, or implement stronger meeting security protocols (admission of attendees), such as identity verification or unique access codes for meetings,” the lawsuit says.

“As early as March 20, 2020, Zoom admitted that their product had a problem with Zoombombing. However, instead of changing the security protocols and default features, Zoom turned its back on its users, claiming they were to blame for their inability to use the program correctly,” said the complaint.

Settlement requirements

The settlement “requires Zoom not to reintegrate the Facebook SDK for iOS into Zoom meetings for one year” and to ask Facebook to “remove any US user data obtained from the SDK.” The security and transparency changes that Zoom agreed to also include the following:

  • Develop and maintain, for at least three years, documented protocols and procedures to support third-party applications for dissemination to users through the Zoom Marketplace.
  • Develop and maintain a user assistance ticket system for internal monitoring and communication with users about reports of meeting interruptions.
  • Develop and maintain a documented process for communicating with law enforcement about meeting disruptions involving illegal content, including staff dedicated to reporting serial meeting disruptions to law enforcement.
  • Develop and maintain security features such as attendee waiting rooms, meeting suspension button, and country-specific user lockout for a minimum of three years.

Zoom would be required “to better educate users on the security features available to protect meeting security and privacy, through dedicated space on the Zoom website and banner notifications.” The Zoom website will also need to include “centralized information and links for parents whose children are using K-12 accounts provided by the school.”

After the deal was announced, Zoom gave the media a statement admitting no wrongdoing. “The privacy and security of our users are Zoom’s top priorities, and we take seriously the trust our users place in us,” said Zoom. “We are proud of the advancements we have made on our platform and look forward to continuing to innovate with privacy and security at the forefront.”
