Why I Never Use Zoom

UPDATED 16 May 2021 | Zoom or Not? NSA Offers Agencies Guidance for Choosing Videoconference Tools [27 Apr 2020]

Analysis by a cybersecurity expert for Project Spectrum—an initiative supported by the Defense Department’s Office of Small Business Programs—advises entities within the defense industrial base to avoid using Zoom. Among other things, the researcher cites the company’s connections to China. 
UPDATED 11 APR 2021 | Huge Zoom flaw lets hackers completely take over your Mac or PC [updated]

Business Insider, 6 April 2020
  • Zoom has admitted that some call data was routed through China for non-China users.
  • CEO Eric Yuan said the calls were routed “mistakenly” after the company ramped up capacity to cope with a huge increase in demand.
  • Separately, researchers at the University of Toronto found  Zoom’s encryption used keys issued via servers in China, even when call participants were outside of China. 
  • China does not enforce strict data privacy laws and could conceivably demand that Zoom decrypt calls

Read more from Business Insider

Move Fast and Roll Your Own Crypto – A Quick Look at the Confidentiality of Zoom Meetings

  • Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.
  • The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.
  • Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.

My Opinion

I am older than the internet and have incorporated IT technology in my business up until three years ago when I retired. ‘Mistakenly’ is a synonym to ‘accidentally’ or ‘unintentionally’ in the world of information technology (IT).

Routers and switches do nothing ‘accidentally’ or ‘mistakenly’. Everything a router does is 100% intentional.

Is Eric Yuan a Chinese spy? I don’t know. Perhaps the CIA or the FBI can answer this question. What I do know about immigrants from communist China is from U.S. news stories.

What I do know is Eric and his wife were born, raised, and educated in communist China.

The communist Chinese government requires full access to all software of all companies doing business in China.

I believe we must trust but verify all business and educational activities with native Chinese living and working in our country. At this point in time, I do not view Zoom Communications as trustworthy.

John White
Rockwall, Texas

Published by John White

A lifetime (over 50 years) of experiences with automation and control systems ranging from aerospace navigation, radar, and ordinance delivery systems to the world's first robotic drilling machine for the oil patch, to process-control systems, energy management systems and general problem-solving. At present, my focus is on self-funding HVAC retrofit projects and indoor air quality with a view to preventing infections from airborne pathogens.

Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: