Why I Still Trust Zoom

I've been getting some questions at the office regarding Zoom's recent "Security and Privacy issues". I decided to put my thoughts on these issues down in writing here.

As of now we have not seen any issues with Zoom that would justify looking at other options. Zoom has responsibly reported issues, corrected them very quickly, and been open and transparent. We have configured our Zoom accounts to appropriately apply security settings so that our meetings are private and secure, we’ve also produced training documents for Staff on how to best use Zoom to ensure we are able to use it in a HIPAA compliant method.

One of the questions I received was about the article (https://www.cbsnews.com/news/zoom-app-personal-data-selling-facebook-lawsuit-alleges/) is relating to Zoom’s use of a Software Development Kit(SDK) from Facebook, this isn’t software that was developed by Zoom but was linked to Zoom’s application on Apple iOS devices (iPhones and iPads) that allowed users to sign in using their Facebook accounts, because of the way Facebook engineered this SDK it allowed personal information to be sent back to Facebook. Zoom has since modified the way they handle logins to their systems when using Facebook to prevent this. Unfortunately, this same SDK is in use on many other iOS applications that have not been corrected, as well as hundreds of thousands of websites.

Many other Video Conferencing solutions have had similar issues recently, however since Zoom is the market leader in that area, they have been getting most of the press coverage. Many of issues reported recently, have been poorly reported or exaggerated by the media. Most of these reports are around consumers using Zoom for private/personal meetings, as Zoom was designed as business software. All the security issues that have been reported recently have been corrected, by Zoom, often in as little as a day. Several others were a result of issues with other company’s technology.


Chrome forces HTTPS on all .dev domains

If you're anything like me your development workflow involves spinning up VMs using Vagrant or some other workflow automation process. (shoutout to geerlingguy and the DrupalVM project!) I've been creating this Development machines for projects for years now using projectname.dev as my local dev path. Well, turns out that ".dev" is now a valid TLD. A recent update to Google Chrome (Chrome 63) has pushed an update where all .dev TLDs are set to force_https.

Date Hiked
5 years ago
Trail Head
43° 48' 10.5361", -75° 9' 7.0255"

Just south of Big Moose Lake, a scenic hike across streams and past ponds. Hiked this in the autumn and was able to enjoy the changing leaves. The trail was well marked and maintained.